Vulnerabilities > Prestashop > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-16 | CVE-2020-5294 | Cross-site Scripting vulnerability in Prestashop Socialfollow PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0 | 5.4 |
2020-04-16 | CVE-2020-5273 | Cross-site Scripting vulnerability in Prestashop Linklist In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. | 5.4 |
2020-04-16 | CVE-2020-5266 | Cross-site Scripting vulnerability in Prestashop Link In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. | 5.4 |
2020-03-25 | CVE-2020-5277 | Cross-site Scripting vulnerability in Prestashop Faceted Search Module PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. | 5.4 |
2020-03-05 | CVE-2020-5250 | Files or Directories Accessible to External Parties vulnerability in Prestashop In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. | 6.3 |
2020-02-14 | CVE-2013-4792 | Cross-Site Request Forgery (CSRF) vulnerability in Prestashop PrestaShop before 1.4.11 allows logout CSRF. | 5.5 |
2020-02-14 | CVE-2013-4791 | Cross-site Scripting vulnerability in Prestashop PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. | 5.4 |
2020-02-11 | CVE-2012-2517 | Cross-site Scripting vulnerability in Prestashop Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. | 6.1 |
2020-01-09 | CVE-2020-6632 | Cross-site Scripting vulnerability in Prestashop 1.7.6.2 In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. | 6.1 |
2019-05-24 | CVE-2019-11876 | Cross-site Scripting vulnerability in multiple products In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. | 6.1 |