Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19124 | 2 Microsoft, Prestashop | 2 Windows, Prestashop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files. | |||||
| CVE-2018-13784 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php. | |||||
| CVE-2018-10942 | 2 Attribute Wizard Project, Prestashop | 2 Attribute Wizard, Prestashop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file. | |||||
| CVE-2013-6358 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. | |||||
| CVE-2013-6295 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module | |||||
| CVE-2013-4792 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| PrestaShop before 1.4.11 allows logout CSRF. | |||||
| CVE-2013-4791 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. | |||||
| CVE-2012-2517 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. | |||||
| CVE-2012-20001 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field. | |||||
| CVE-2024-41651 | 1 Prestashop | 1 Prestashop | 2024-10-09 | N/A | 8.1 HIGH |
| An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server). | |||||