PrestaShop Information Disclosure Vulnerability (CNVD-2020-41809)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. An information disclosure vulnerability exists in PrestaShop versions after 1.7.4.0...

CVE-2020-15080

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server...

Code injection

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server...

CVE-2020-15080 Information disclosure in release archive in PrestaShop

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server...

PrestaShop cross-site scripting vulnerability (CNVD-2020-25945)

PrestaShop is a set of open source e-commerce solutions from PrestaShop, USA. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in PrestaShop versions after 1.7.4.0 fixed in version...

Cross site scripting

In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5...