Vulnerabilities > Prestashop > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-13 | CVE-2020-21967 | Cross-site Scripting vulnerability in Prestashop 1.7.6.7 File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page. | 3.5 |
| 2021-03-31 | CVE-2021-21418 | Cross-site Scripting vulnerability in Prestashop PS Emailsubscription ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. | 3.5 |
| 2021-03-30 | CVE-2021-21398 | Cross-site Scripting vulnerability in Prestashop 1.7.7.0 PrestaShop is a fully scalable open source e-commerce solution. | 3.5 |
| 2020-09-24 | CVE-2020-15162 | Cross-site Scripting vulnerability in Prestashop In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. | 3.5 |
| 2020-04-16 | CVE-2020-5266 | Cross-site Scripting vulnerability in Prestashop Link In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. | 3.5 |
| 2020-04-16 | CVE-2020-5273 | Cross-site Scripting vulnerability in Prestashop Linklist In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. | 3.5 |
| 2020-04-16 | CVE-2020-5294 | Cross-site Scripting vulnerability in Prestashop Socialfollow PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0 | 3.5 |
| 2020-03-25 | CVE-2020-5277 | Cross-site Scripting vulnerability in Prestashop Faceted Search Module PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. | 3.5 |
| 2020-02-14 | CVE-2013-4791 | Cross-site Scripting vulnerability in Prestashop PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. | 3.5 |
| 2020-02-14 | CVE-2013-4792 | Cross-Site Request Forgery (CSRF) vulnerability in Prestashop PrestaShop before 1.4.11 allows logout CSRF. | 3.5 |