Vulnerabilities (CVE)

Filtered by vendor Prestashop Subscribe
Filtered by product Prestashop
Total 87 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5799 2 Prestashop, Presto-changeo 2 Prestashop, Canadapost 2024-02-28 5.8 MEDIUM N/A
The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.
CVE-2012-5801 1 Prestashop 2 Ebay, Prestashop 2024-02-28 5.8 MEDIUM N/A
The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.
CVE-2011-4544 1 Prestashop 1 Prestashop 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php.
CVE-2011-4545 1 Prestashop 1 Prestashop 2024-02-28 5.0 MEDIUM N/A
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.
CVE-2011-3796 1 Prestashop 1 Prestashop 2024-02-28 5.0 MEDIUM N/A
PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files.
CVE-2008-5791 1 Prestashop 1 Prestashop 2024-02-28 10.0 HIGH N/A
Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components.
CVE-2008-6503 1 Prestashop 1 Prestashop 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.