Vulnerabilities > Prestashop > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-48926 | Missing Authorization vulnerability in Prestashop Advanced Loyalty Program An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status. | 5.3 |
| 2024-01-02 | CVE-2024-21628 | Cross-site Scripting vulnerability in Prestashop PrestaShop is an open-source e-commerce platform. | 6.1 |
| 2024-01-02 | CVE-2024-21627 | Cross-site Scripting vulnerability in Prestashop PrestaShop is an open-source e-commerce platform. | 6.1 |
| 2023-11-09 | CVE-2023-47110 | Unspecified vulnerability in Prestashop Customer Reassurance Block blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. | 5.3 |
| 2023-09-28 | CVE-2023-43663 | Improper Privilege Management vulnerability in Prestashop PrestaShop is an Open Source e-commerce web application. | 4.3 |
| 2023-09-28 | CVE-2023-43664 | Improper Privilege Management vulnerability in Prestashop PrestaShop is an Open Source e-commerce web application. | 4.3 |
| 2023-09-20 | CVE-2022-45448 | Cross-site Scripting vulnerability in Prestashop M4 PDF M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. | 6.1 |
| 2023-09-20 | CVE-2022-45447 | Path Traversal vulnerability in Prestashop M4 PDF M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. | 6.5 |
| 2023-08-07 | CVE-2023-39527 | Improper Encoding or Escaping of Output vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 6.1 |
| 2023-07-25 | CVE-2023-33777 | Path Traversal vulnerability in Prestashop Amazon An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack. | 5.3 |