Vulnerabilities > Prestashop > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-25 CVE-2023-30545 Unspecified vulnerability in Prestashop
PrestaShop is an Open Source e-commerce web application.
network
low complexity
prestashop
6.5
2022-12-08 CVE-2022-46158 Missing Authorization vulnerability in Prestashop
PrestaShop is an open-source e-commerce solution.
network
low complexity
prestashop CWE-862
4.3
2022-09-02 CVE-2022-35933 Cross-site Scripting vulnerability in Prestashop Productcomments
This package is a PrestaShop module that allows users to post reviews and rate products.
network
low complexity
prestashop CWE-79
6.1
2022-07-13 CVE-2020-21967 Cross-site Scripting vulnerability in Prestashop 1.7.6.7
File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.
network
low complexity
prestashop CWE-79
4.8
2021-12-21 CVE-2012-20001 Cross-site Scripting vulnerability in Prestashop
PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field.
network
low complexity
prestashop CWE-79
6.1
2021-03-31 CVE-2021-21418 Unspecified vulnerability in Prestashop PS Emailsubscription 2.6.0
ps_emailsubscription is a newsletter subscription module for the PrestaShop platform.
network
low complexity
prestashop
5.4
2021-03-30 CVE-2021-21398 Unspecified vulnerability in Prestashop 1.7.7.0/1.7.7.1/1.7.7.2
PrestaShop is a fully scalable open source e-commerce solution.
network
low complexity
prestashop
5.4
2020-11-16 CVE-2020-26225 Unspecified vulnerability in Prestashop Product Comments 4.0.0/4.0.1/4.1.0
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link.
network
low complexity
prestashop
6.1
2020-09-24 CVE-2020-15162 Unspecified vulnerability in Prestashop
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files.
network
low complexity
prestashop
5.4
2020-09-24 CVE-2020-15161 Unspecified vulnerability in Prestashop
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form.
network
low complexity
prestashop
6.1