Prestashop Security Vulnerabilities and Issues — Prestashop CVE List

Lucene search

PrestashopPrestashop

14 matches found

CVE•added 2020/04/20 5:15 p.m.•57 views

CVE-2020-5272

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with alias and search parameters. The problem is patched in 1.7.6.5

6.1CVSS5.1AI score0.00218EPSS

CVE•added 2020/04/20 5:15 p.m.•56 views

CVE-2020-5286

In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5

6.1CVSS5AI score0.00218EPSS

CVE•added 2020/04/20 5:15 p.m.•54 views

CVE-2020-5278

In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5

6.1CVSS5AI score0.00218EPSS

CVE•added 2020/04/20 5:15 p.m.•52 views

CVE-2020-5270

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause...

6.1CVSS5AI score0.00182EPSS

CVE•added 2020/04/20 5:15 p.m.•51 views

CVE-2020-5264

In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.

6.1CVSS5.7AI score0.00218EPSS

CVE•added 2020/04/20 5:15 p.m.•51 views

CVE-2020-5265

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.

6.1CVSS5.2AI score0.00218EPSS

CVE•added 2020/04/20 5:15 p.m.•51 views

CVE-2020-5279

In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/internationa...

6.5CVSS5.3AI score0.00173EPSS

Web

CVE•added 2020/04/20 5:15 p.m.•47 views

CVE-2020-5269

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the id_feature parameter. The problem is fixed in 1.7.6.5

6.1CVSS5AI score0.00218EPSS

CVE•added 2020/04/20 5:15 p.m.•38 views

CVE-2020-5276

In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with cartBox parameter The problem is fixed in 1.7.6.5

6.1CVSS5AI score0.00218EPSS

CVE•added 2020/04/20 5:15 p.m.•37 views

CVE-2020-5293

In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.

6.5CVSS6.4AI score0.00212EPSS

CVE•added 2020/04/20 5:15 p.m.•36 views

CVE-2020-5288

"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5.

6.5CVSS5.2AI score0.00173EPSS

CVE•added 2020/04/20 5:15 p.m.•35 views

CVE-2020-5271

In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with date_from and date_to parameters in the dashboard page This problem is fixed in 1.7.6.5

6.1CVSS5AI score0.00218EPSS

CVE•added 2020/04/20 5:15 p.m.•34 views

CVE-2020-5287

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5.

6.5CVSS5.2AI score0.00173EPSS

CVE•added 2020/04/20 5:15 p.m.•28 views

CVE-2020-5285

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with back parameter. The problem is fixed in 1.7.6.5

6.1CVSS5AI score0.00218EPSS