Vulnerabilities (CVE)

Filtered by vendor Prestashop Subscribe
Filtered by product Prestashop
Total 87 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-20001 1 Prestashop 1 Prestashop 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field.
CVE-2011-4545 1 Prestashop 1 Prestashop 2024-11-21 5.0 MEDIUM N/A
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.
CVE-2011-4544 1 Prestashop 1 Prestashop 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php.
CVE-2011-3796 1 Prestashop 1 Prestashop 2024-11-21 5.0 MEDIUM N/A
PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files.
CVE-2008-6503 1 Prestashop 1 Prestashop 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.
CVE-2008-5791 1 Prestashop 1 Prestashop 2024-11-21 10.0 HIGH N/A
Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components.
CVE-2024-41651 1 Prestashop 1 Prestashop 2024-10-09 N/A 8.1 HIGH
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server).