11 matches found

OSV
added 2022/01/27 6:32 p.m., 84 views

GHSA-MRQ4-7CH7-2465 Server Side Twig Template Injection

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds...

CVSS: 9, AI score: 9.2, EPSS: 0.0051
Exploits: 0, References: 5

Github Security Blog
added 2022/01/27 6:32 p.m., 43 views

Server Side Twig Template Injection

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds...

CVSS: 9.8, AI score: 5.2, EPSS: 0.0051
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2022/01/26 8:10 p.m., 14 views

CVE-2022-21686 Server Side Twig Template Injection in PrestaShop

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds...

CVSS: 9, AI score: 9.6, EPSS: 0.0051
Exploits: 0, References: 3

CNNVD
added 2022/01/26 12:00 a.m., 4 views

Prestashop Code Injection Vulnerability

Prestashop is a set of open source e-commerce solutions from the United States Prestashop. The solution provides multiple payment methods, short message alerts and product image scaling. A code injection vulnerability exists in PrestaShop versions 1.7.0.0 - 1.7.8.2, which can be exploited by an...

CVSS: 9.8, AI score: 8.4, EPSS: 0.0051
Exploits: 0, References: 5

CNNVD
added 2021/12/22 12:00 a.m., 1 view

IBM Cloud Pak for Security Information Disclosure Vulnerability

IBM Cloud Pak for Security is an application from IBM America, Inc. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. A security vulnerability exists in IBM Cloud Pak for Security CP4S that stems from...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00162
Exploits: 0, References: 3

OSV
added 2021/10/19 4:15 p.m., 0 views

CVE-2021-29912

IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828...

CVSS: 5.4, AI score: 5.5
Exploits: 0, References: 2

CNNVD
added 2021/09/30 12:00 a.m., 2 views

IBM Cloud Pak for Security Encryption Issue Vulnerability

IBM Cloud Pak for Security CP4S is an open security platform from IBM that connects to your existing data sources, generates deeper insights, and enables you to act faster with automation. IBM Cloud Pak for Security CP4S suffers from an encryption issue vulnerability in versions 1.7.0.0, 1.7.1.0,...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00096
Exploits: 0, References: 3

OpenVAS
added 2020/08/19 12:00 a.m., 14 views

PrestaShop 1.7.0.0 < 1.7.6.6 XSS Vulnerability

PrestaShop is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...

CVSS: 6.1, AI score: 6, EPSS: 0.0024
Exploits: 0, References: 1

OSV
added 2020/07/02 5:15 p.m., 10 views

CVE-2020-15083

In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6...

CVSS: 6.1, AI score: 6.7
Exploits: 0, References: 2

Prion
added 2020/07/02 5:15 p.m., 14 views

Cross site scripting

In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6...

CVSS: 4.3, AI score: 6.1, EPSS: 0.0024
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2020/04/21 12:00 a.m., 2 views

PrestaShop Access Control Error Vulnerability

PrestaShop is a set of open source e-commerce solutions from PrestaShop, USA. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. An Access Control Error vulnerability exists in PrestaShop versions after 1.7.0.0 fixed in version...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00212
Exploits: 0, References: 1