Vulnerabilities > Prestashop > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-11 | CVE-2012-2517 | Cross-site Scripting vulnerability in Prestashop Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. | 6.1 |
| 2020-01-09 | CVE-2020-6632 | Cross-site Scripting vulnerability in Prestashop 1.7.6.2 In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. | 6.1 |
| 2019-05-24 | CVE-2019-11876 | Cross-site Scripting vulnerability in multiple products In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. | 6.1 |
| 2018-01-13 | CVE-2018-5682 | Information Exposure vulnerability in Prestashop 1.7.2.4 PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message. | 5.3 |
| 2018-01-13 | CVE-2018-5681 | Cross-site Scripting vulnerability in Prestashop 1.7.2.4 PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen. | 5.4 |