CVE-2012-2517 – PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2517
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. PrestaShop versions 1.4.7 and 1.4.8 suffer from a cross-site scripting vulnerability.
References:
• https://www.exploit-db.com/exploits/37684
• https://www.htbridge.com/advisory/HTB23091
• https://www.prestashop.com/download/old/changelog_1.4.9.0.txt
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4545 – Prestashop 1.4.4.1 - 'displayImage.php' HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2011-4545
CRLF injection vulnerability in admin/displayImage.php in PrestaShop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.
References:
• https://www.exploit-db.com/exploits/36345
• http://www.securityfocus.com/bid/50785
• https://www.dognaedis.com/vulns/DGS-SEC-7.html
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2011-4544 – PrestaShop 1.4.4.1 - '/admin/ajaxfilemanager/ajax_save_text.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4544
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php.
References:
• https://www.exploit-db.com/exploits/36344
• https://www.exploit-db.com/exploits/36342
• https://www.exploit-db.com/exploits/36343
• https://www.exploit-db.com/exploits/36341
• http://www.securityfocus.com/bid/50784
• https://www.dognaedis.com/vulns/DGS-SEC-5.html
• https://www.dognaedis.com/vulns/DGS-SEC-6.html
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3796
https://notcve.org/view.php?id=CVE-2011-3796
PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files.
References:
• http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README
• http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/prestashop_1.4.0.6
• http://www.openwall.com/lists/oss-security/2011/06/27/6
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-6503 – PrestaShop 1.1 - '/admin/login.php?PATH_INFO' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-6503
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.
References:
• https://www.exploit-db.com/exploits/32647
• https://www.exploit-db.com/exploits/32648
• http://www.securityfocus.com/archive/1/498994/100/100/threaded
• http://www.securityfocus.com/bid/32689
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47158
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')