Vulnerabilities > Prestashop > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-21 | CVE-2020-15102 | Missing Authorization vulnerability in Prestashop Dashboard products In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. | 4.0 |
| 2020-07-02 | CVE-2020-15083 | Cross-site Scripting vulnerability in Prestashop In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. | 4.3 |
| 2020-07-02 | CVE-2020-15081 | Information Exposure vulnerability in Prestashop In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. | 5.0 |
| 2020-07-02 | CVE-2020-15080 | Missing Authorization vulnerability in Prestashop In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. | 5.0 |
| 2020-07-02 | CVE-2020-15079 | Unspecified vulnerability in Prestashop In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. | 5.5 |
| 2020-07-02 | CVE-2020-11074 | Cross-site Scripting vulnerability in Prestashop In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. | 5.4 |
| 2020-04-27 | CVE-2020-12120 | Information Exposure vulnerability in Prestashop Correos Express 1.6/1.6.0.4/1.7 The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. | 5.0 |
| 2020-04-20 | CVE-2020-5293 | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. | 6.4 |
| 2020-04-20 | CVE-2020-5288 | Incorrect Authorization vulnerability in Prestashop "In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. | 6.4 |
| 2020-04-20 | CVE-2020-5287 | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. | 6.4 |