VYPR

Prestashop

by Prestashop

CVEs (93)

  • CVE-2013-6358 | Jan 23, 2020
    risk 0.00 | cvss | epss 0.04

    PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.

  • CVE-2020-6632 | Jan 9, 2020
    risk 0.00 | cvss | epss 0.01

    In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js.

  • CVE-2019-13461 | Jul 9, 2019
    risk 0.00 | cvss | epss 0.02

    In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer…

  • CVE-2018-20717 | Jan 15, 2019
    risk 0.00 | cvss | epss 0.03

    In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object…

  • CVE-2018-19124 | Nov 9, 2018
    risk 0.00 | cvss | epss 0.03

    PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files.

  • CVE-2018-7491 | High | Feb 26, 2018
    risk 0.00 | cvss 7.5 | epss 0.01

    In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy…

  • CVE-2015-1175 | Jan 22, 2015
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter.

  • CVE-2012-6641 | Apr 7, 2014
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to "parameter names and values."

  • CVE-2012-5801 | Nov 4, 2012
    risk 0.00 | cvss | epss 0.01

    The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate,…

  • CVE-2012-5800 | Nov 4, 2012
    risk 0.00 | cvss | epss 0.01

    The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

  • CVE-2012-5799 | Nov 4, 2012
    risk 0.00 | cvss | epss 0.01

    The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary…

  • CVE-2011-3796 | Sep 24, 2011
    risk 0.00 | cvss | epss 0.02

    PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files.

  • CVE-2008-5791 | Dec 31, 2008
    risk 0.00 | cvss | epss 0.02

    Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components.

Page 5 of 5