Vulnerabilities > Prestashop > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-16 CVE-2020-5294 Cross-site Scripting vulnerability in Prestashop Socialfollow
PrestaShop module ps_facetedsearch versions before 2.1.0 have a reflected XSS with social networks fields. The problem is fixed in 2.1.0.
network
low complexity
prestashop CWE-79
5.4
2020-04-16 CVE-2020-5273 Cross-site Scripting vulnerability in Prestashop Linklist
In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs.
network
low complexity
prestashop CWE-79
5.4
2020-04-16 CVE-2020-5266 Cross-site Scripting vulnerability in Prestashop Link
In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field.
network
low complexity
prestashop CWE-79
5.4
2020-03-25 CVE-2020-5277 Cross-site Scripting vulnerability in Prestashop Faceted Search Module
PrestaShop module ps_facetedsearch versions before 3.5.0 have a reflected XSS with `url_name` parameter.
network
low complexity
prestashop CWE-79
5.4
2020-03-05 CVE-2020-5250 Files or Directories Accessible to External Parties vulnerability in Prestashop
In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address.
network
low complexity
prestashop CWE-552
6.3
2020-02-14 CVE-2013-4792 Cross-Site Request Forgery (CSRF) vulnerability in Prestashop
PrestaShop before 1.4.11 allows logout CSRF.
network
low complexity
prestashop CWE-352
5.5
2020-02-14 CVE-2013-4791 Cross-site Scripting vulnerability in Prestashop
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.
network
low complexity
prestashop CWE-79
5.4
2020-02-11 CVE-2012-2517 Cross-site Scripting vulnerability in Prestashop
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.
network
low complexity
prestashop CWE-79
6.1
2020-01-09 CVE-2020-6632 Cross-site Scripting vulnerability in Prestashop 1.7.6.2
In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link.
network
low complexity
prestashop CWE-79
6.1
2019-05-24 CVE-2019-11876 Cross-site Scripting vulnerability in multiple products
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS.
network
low complexity
prestashop drupal CWE-79
6.1