
70 matches found

Nuclei
added 3 days ago | 100 views

Jms Blog - SQL Injection

The module Jms Blog (jmsblog) from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes. id: CVE-2023-27034 info: name: Jms Blog - SQL Injection author: MaStErChO severity: critical...

CVSS 9.8 | AI score 7.9 | EPSS 0.90497
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/14 8:44 p.m. | 6 views

CVE-2026-44212 PrestaShop: Stored XSS executable in customer service view

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

CVSS 9.3 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 1

EUVD
added 2026/05/14 8:44 p.m. | 5 views

EUVD-2026-30481

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

CVSS 9.3 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 1

CNNVD
added 2026/05/14 12:00 a.m. | 5 views

PrestaShop cross-site scripting vulnerability

PrestaShop is an open-source e-commerce solution developed by the PrestaShop company in the United States. This solution offers various payment methods, SMS notifications, and features like image scaling for products. Versions of PrestaShop prior to 8.2.6 and 9.1.1 contained a cross-site scriptin...

CVSS 9.3 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/08 12:00 a.m. | 7 views

PT-2026-39239

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.2.6; PrestaShop versions prior to 9.1.1. Description: A stored Cross-site Scripting (XSS) issue exists in the back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form using ...

CVSS 9.3 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 11

NVD
added 2026/03/26 10:16 p.m. | 2 views

CVE-2026-33674

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

CVSS 5.3 | EPSS 0.00028
Exploits: 0 | References: 3

Cvelist
added 2026/03/26 9:41 p.m. | 20 views

CVE-2026-33673 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...

CVSS 7.6 | EPSS 0.00017
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/26 9:41 p.m. | 1 view

CVE-2026-33673 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...

CVSS 7.6 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 3

RedhatCVE
added 2026/02/14 1:28 a.m. | 5 views

CVE-2025-69633

A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is...

CVSS 9.8 | AI score 6.4 | EPSS 0.00121
Exploits: 0 | References: 1

GithubExploit
added 2026/01/02 5:29 p.m. | 176 views

Exploit for Improper Authentication in Prestashop Prestashop_Checkout

CVE-2025-61922 Exploit: PrestaShop Checkout Account Takeover...

CVSS 9.1 | AI score 7 | EPSS 0.00019
Exploits: 1

RedhatCVE
added 2025/10/17 5:39 p.m. | 4 views

CVE-2025-61924

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, Target PayPal merchant account hijacking from the backoffice is possible due to wrong usage of the PHP array_search. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known...

CVSS 3.8 | AI score 6.8 | EPSS 0.00041
Exploits: 0 | References: 1

EUVD
added 2025/10/16 7:59 p.m. | 5 views

EUVD-2025-34789

PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure...

CVSS 4.1 | AI score 6.4 | EPSS 0.00043
Exploits: 0 | References: 2

NVD
added 2025/10/16 6:15 p.m. | 3 views

CVE-2025-61923

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. N...

CVSS 4.1 | EPSS 0.00043
Exploits: 0 | References: 1

CVE
added 2025/10/16 5:33 p.m. | 9 views

CVE-2025-61924

CVE-2025-61924 affects PrestaShop Checkout (ps_checkout) in editions prior to 4.4.1 and 5.0.5. The root cause is incorrect use of PHP array_search() in backoffice logic, enabling potential Target PayPal merchant account hijacking. Mitigation: upgrade to 4.4.1 for PrestaShop 1.7/8 (and 5.0.5 for P...

CVSS 3.8 | AI score 6.4 | EPSS 0.00041
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/10/16 5:33 p.m. | 4 views

CVE-2025-61924 PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, Target PayPal merchant account hijacking from the backoffice is possible due to wrong usage of the PHP array_search. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known...

CVSS 3.8 | AI score 6.8 | EPSS 0.00041
Exploits: 0 | References: 3

CVE
added 2025/10/16 5:31 p.m. | 7 views

CVE-2025-61923

CVE-2025-61923 concerns PrestaShop Checkout (backoffice) where missing input validation enables a directory traversal and arbitrary file disclosure. Connected sources (Red Hat, NVD, OSV, Snyk, GHSA) confirm the affected component is the PrestaShop Checkout module; vulnerable versions are prior to...

CVSS 4.1 | AI score 6.4 | EPSS 0.00043
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/10/16 5:31 p.m. | 5 views

CVE-2025-61923 PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. N...

CVSS 4.1 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 3

CNNVD
added 2025/07/20 12:00 a.m. | 1 view

idnovate Super User security vulnerability

idnovate Super User is a customer login module for PrestaShop by idnovate. A security vulnerability exists in idnovate Super User version 9.6.0 and earlier, which stems from improper export of the AndroidManifest.xml file component de.idnow...

CVSS 5.5 | AI score 5.5 | EPSS 0.00126
Exploits: 1 | References: 6

RedhatCVE
added 2025/05/23 6:02 a.m. | 3 views

CVE-2023-28839

Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advis...

CVSS 9.8 | AI score 7.9 | EPSS 0.00732
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:34 a.m. | 5 views

CVE-2023-26865

SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component...

CVSS 9.8 | AI score 8.5 | EPSS 0.01335
Exploits: 1 | References: 1