Vulnerabilities > Prestashop > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-20 CVE-2020-5285 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter.
network
low complexity
prestashop CWE-79
6.1
2020-04-20 CVE-2020-5279 Incorrect Authorization vulnerability in Prestashop
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers.
network
low complexity
prestashop CWE-863
6.5
2020-04-20 CVE-2020-5278 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5
network
low complexity
prestashop CWE-79
6.1
2020-04-20 CVE-2020-5276 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5
network
low complexity
prestashop CWE-79
6.1
2020-04-20 CVE-2020-5272 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters.
network
low complexity
prestashop CWE-79
6.1
2020-04-20 CVE-2020-5271 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5
network
low complexity
prestashop CWE-79
6.1
2020-04-20 CVE-2020-5270 Open Redirect vulnerability in Prestashop
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter.
network
low complexity
prestashop CWE-601
6.1
2020-04-20 CVE-2020-5269 Cross-site Scripting vulnerability in Prestashop 1.7.6.2/1.7.6.3/1.7.6.4
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter.
network
low complexity
prestashop CWE-79
6.1
2020-04-20 CVE-2020-5265 Cross-site Scripting vulnerability in Prestashop 1.7.6.2/1.7.6.3/1.7.6.4
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page.
network
low complexity
prestashop CWE-79
6.1
2020-04-20 CVE-2020-5264 Cross-site Scripting vulnerability in Prestashop
In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page.
network
low complexity
prestashop CWE-79
6.1