Vulnerabilities > Prestashop > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-21 CVE-2020-15102 Missing Authorization vulnerability in Prestashop Dashboard products
In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration.
network
low complexity
prestashop CWE-862
6.5
2020-07-02 CVE-2020-15083 Cross-site Scripting vulnerability in Prestashop
In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS.
network
low complexity
prestashop CWE-79
6.1
2020-07-02 CVE-2020-15081 Information Exposure vulnerability in Prestashop
In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory.
network
low complexity
prestashop CWE-200
5.3
2020-07-02 CVE-2020-15080 Missing Authorization vulnerability in Prestashop
In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible.
network
low complexity
prestashop CWE-862
5.3
2020-07-02 CVE-2020-15079 Unspecified vulnerability in Prestashop
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions.
network
low complexity
prestashop
5.4
2020-07-02 CVE-2020-11074 Cross-site Scripting vulnerability in Prestashop
In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item.
network
low complexity
prestashop CWE-79
5.4
2020-04-20 CVE-2020-5293 Incorrect Authorization vulnerability in Prestashop
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices.
network
low complexity
prestashop CWE-863
6.5
2020-04-20 CVE-2020-5288 Incorrect Authorization vulnerability in Prestashop
"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page.
network
low complexity
prestashop CWE-863
6.5
2020-04-20 CVE-2020-5287 Incorrect Authorization vulnerability in Prestashop
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search.
network
low complexity
prestashop CWE-863
6.5
2020-04-20 CVE-2020-5286 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file.
network
low complexity
prestashop CWE-79
6.1