Shodan
Vulnerabilities
Vulnerable Software
Prestashop:  Security Vulnerabilities
CVE-2020-5273
In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0
CVSS Score
4.1
EPSS Score
0.002
Published
2020-04-16
CVE-2020-5294
PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0
CVSS Score
4.1
EPSS Score
0.002
Published
2020-04-16
CVE-2020-5277
PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. The problem is fixed in 3.5.0
CVSS Score
4.1
EPSS Score
0.002
Published
2020-03-25
CVE-2020-5250
In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4.
CVSS Score
7.6
EPSS Score
0.006
Published
2020-03-05
CVE-2013-6295
PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module
CVSS Score
9.8
EPSS Score
0.003
Published
2020-02-18
CVE-2013-4791
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-02-14
CVE-2013-4792
PrestaShop before 1.4.11 allows logout CSRF.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-02-14
CVE-2012-2517
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.
CVSS Score
6.1
EPSS Score
0.009
Published
2020-02-11
CVE-2013-6358
PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.
CVSS Score
8.8
EPSS Score
0.032
Published
2020-01-23
CVE-2020-6632
In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved