Vulnerabilities > Prestashop > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-16 | CVE-2020-26225 | Unspecified vulnerability in Prestashop Product Comments 4.0.0/4.0.1/4.1.0 In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. | 6.1 |
| 2020-09-24 | CVE-2020-15162 | Unspecified vulnerability in Prestashop In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. | 5.4 |
| 2020-09-24 | CVE-2020-15161 | Unspecified vulnerability in Prestashop In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. | 6.1 |
| 2020-07-21 | CVE-2020-15102 | Missing Authorization vulnerability in Prestashop Dashboard products In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. | 6.5 |
| 2020-07-02 | CVE-2020-15083 | Cross-site Scripting vulnerability in Prestashop In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. | 6.1 |
| 2020-07-02 | CVE-2020-15081 | Information Exposure vulnerability in Prestashop In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. | 5.3 |
| 2020-07-02 | CVE-2020-15080 | Missing Authorization vulnerability in Prestashop In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. | 5.3 |
| 2020-07-02 | CVE-2020-15079 | Unspecified vulnerability in Prestashop In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. | 5.4 |
| 2020-07-02 | CVE-2020-11074 | Cross-site Scripting vulnerability in Prestashop In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. | 5.4 |
| 2020-04-20 | CVE-2020-5293 | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. | 6.5 |