CVE-2026-25597
Summary (CVE-2026-25597): PrestaShop prior to 8.2.4 and 9.0.3 exposes a time-based user enumeration vulnerability in the login/authentication flow, allowing an attacker to deduce whether a customer account exists by measuring response times. The issue is fixed in versions 8.2.4 and 9.0.3. Impact ...
Cross-Site Scripting (XSS)
ezsystems/ezplatform-admin-ui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing features, which allows an attacker with back-office editor or administrator privilege...
EUVD-2017-1901
Malware in sbrugna...
EUVD-2018-9043
Malware in sbrugna...
EUVD-2018-9044
Malware in sbrugna...
EUVD-2018-9045
Malware in sbrugna...
Ibexa RichText Field Type XSS vulnerabilities in back office
Impact: This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...
Cross-Site Scripting (XSS)
prestashop/prestashop is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the customer thread feature allowing malicious file uploads through the front-office contact form. When an admin opens the attached file in back office, arbitrary JavaScript will be executed which can...
CVE-2024-34716 PrestaShop vulnerable to XSS via customer contact form in FO, through file upload
PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled throu...
PT-2024-18979 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.1.3. Description: PrestaShop is an open-source e-commerce platform. The issue arises because the isCleanHtml method is not used on a specific form, allowing the storage of a cross-site scripting payload in the...
CVE-2023-28733
AnyMailing Joomla Plugin is vulnerable to stored cross-site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...
CVE-2023-28732
Missing access control in AnyMailing Joomla Plugin allows listing and accessing files containing sensitive information from the plugin itself, and accessing system files via path traversal, when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plug...
CVE-2023-28733 Stored XSS affecting the AcyMailing plugin for Joomla
AnyMailing Joomla Plugin is vulnerable to stored cross-site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...
Potential XSS injection in the newsletter conditions field
Impact: An employee can inject JavaScript in the newsletter condition field that will then be executed on the front office. Patches: The issue has been fixed in 2.6.1...
GHSA-VWFX-HH3W-FJ99 Potential XSS injection in the newsletter conditions field
Impact: An employee can inject JavaScript in the newsletter condition field that will then be executed on the front office. Patches: The issue has been fixed in 2.6.1...
CVE-2021-21418
psemailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject JavaScript in the newsletter condition field that will then be executed on the front office. The issue has been fixed in 2.6.1...
Race condition
psemailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject JavaScript in the newsletter condition field that will then be executed on the front office. The issue has been fixed in 2.6.1...
CVE-2018-17289
An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration .ZIP file within the Kofax/KFS/Admin/PackageService/package/uploa...