Vulnerabilities > Prestashop > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-20 CVE-2020-5286 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file.
network
prestashop CWE-79
4.3
2020-04-20 CVE-2020-5285 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter.
network
prestashop CWE-79
4.3
2020-04-20 CVE-2020-5279 Incorrect Authorization vulnerability in Prestashop
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers.
network
low complexity
prestashop CWE-863
6.4
2020-04-20 CVE-2020-5278 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5
network
prestashop CWE-79
4.3
2020-04-20 CVE-2020-5276 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5
network
prestashop CWE-79
4.3
2020-04-20 CVE-2020-5272 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters.
network
prestashop CWE-79
4.3
2020-04-20 CVE-2020-5271 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5
network
prestashop CWE-79
4.3
2020-04-20 CVE-2020-5270 Open Redirect vulnerability in Prestashop
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter.
5.8
2020-04-20 CVE-2020-5269 Cross-site Scripting vulnerability in Prestashop 1.7.6.2/1.7.6.3/1.7.6.4
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter.
network
prestashop CWE-79
4.3
2020-04-20 CVE-2020-5265 Cross-site Scripting vulnerability in Prestashop 1.7.6.2/1.7.6.3/1.7.6.4
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page.
network
prestashop CWE-79
4.3