Vulnerabilities > Prestashop > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-25 | CVE-2023-30545 | Unspecified vulnerability in Prestashop PrestaShop is an Open Source e-commerce web application. | 6.5 |
2022-12-08 | CVE-2022-46158 | Missing Authorization vulnerability in Prestashop PrestaShop is an open-source e-commerce solution. | 4.3 |
2022-09-02 | CVE-2022-35933 | Cross-site Scripting vulnerability in Prestashop Productcomments This package is a PrestaShop module that allows users to post reviews and rate products. | 6.1 |
2022-07-13 | CVE-2020-21967 | Cross-site Scripting vulnerability in Prestashop 1.7.6.7 File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page. | 4.8 |
2021-12-21 | CVE-2012-20001 | Cross-site Scripting vulnerability in Prestashop PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field. | 6.1 |
2021-03-31 | CVE-2021-21418 | Unspecified vulnerability in Prestashop PS Emailsubscription 2.6.0 ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. | 5.4 |
2021-03-30 | CVE-2021-21398 | Unspecified vulnerability in Prestashop 1.7.7.0/1.7.7.1/1.7.7.2 PrestaShop is a fully scalable open source e-commerce solution. | 5.4 |
2020-11-16 | CVE-2020-26225 | Unspecified vulnerability in Prestashop Product Comments 4.0.0/4.0.1/4.1.0 In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. | 6.1 |
2020-09-24 | CVE-2020-15162 | Unspecified vulnerability in Prestashop In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. | 5.4 |
2020-09-24 | CVE-2020-15161 | Unspecified vulnerability in Prestashop In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. | 6.1 |