Vulnerabilities > Prestashop > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2023-48926 Missing Authorization vulnerability in Prestashop Advanced Loyalty Program
An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status.
network
low complexity
prestashop CWE-862
5.3
2024-01-02 CVE-2024-21628 Unspecified vulnerability in Prestashop
PrestaShop is an open-source e-commerce platform.
network
low complexity
prestashop
6.1
2024-01-02 CVE-2024-21627 Cross-site Scripting vulnerability in Prestashop
PrestaShop is an open-source e-commerce platform.
network
low complexity
prestashop CWE-79
6.1
2023-11-09 CVE-2023-47110 Unspecified vulnerability in Prestashop Customer Reassurance Block
blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy.
network
low complexity
prestashop
5.3
2023-09-28 CVE-2023-43663 Unspecified vulnerability in Prestashop
PrestaShop is an Open Source e-commerce web application.
network
low complexity
prestashop
4.3
2023-09-28 CVE-2023-43664 Unspecified vulnerability in Prestashop
PrestaShop is an Open Source e-commerce web application.
network
low complexity
prestashop
4.3
2023-09-20 CVE-2022-45448 Cross-site Scripting vulnerability in Prestashop M4 PDF
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability.
network
low complexity
prestashop CWE-79
6.1
2023-09-20 CVE-2022-45447 Path Traversal vulnerability in Prestashop M4 PDF
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability.
network
low complexity
prestashop CWE-22
6.5
2023-08-07 CVE-2023-39527 Unspecified vulnerability in Prestashop
PrestaShop is an open source e-commerce web application.
network
low complexity
prestashop
6.1
2023-07-25 CVE-2023-33777 Path Traversal vulnerability in Prestashop Amazon
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack.
network
low complexity
prestashop CWE-22
5.3