Shodan
Vulnerabilities
Vulnerable Software
Prestashop:  Security Vulnerabilities
CVE-2020-15162
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-09-24
CVE-2020-15161
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8
CVSS Score
5.4
EPSS Score
0.003
Published
2020-09-24
CVE-2020-15178
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser.
CVSS Score
8.0
EPSS Score
0.006
Published
2020-09-15
CVE-2020-15102
In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-07-21
CVE-2020-11074
In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.6.6.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-07-02
CVE-2020-15079
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6
CVSS Score
6.4
EPSS Score
0.001
Published
2020-07-02
CVE-2020-15080
In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-07-02
CVE-2020-15081
In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-07-02
CVE-2020-15082
In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6
CVSS Score
7.1
EPSS Score
0.004
Published
2020-07-02
CVE-2020-15083
In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6
CVSS Score
4.7
EPSS Score
0.002
Published
2020-07-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved