CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2015-1175 – Prestashop 1.6.0.9 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-1175
20 Jan 2015 — Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter. Vulnerabilidad de XSS en blocklayered-ajax.php en el módulo blocklayered en PrestaShop 1.6.0.9 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro layered_price_slider. Prestashop version 1.6.0.9 suffers from a cros... • https://packetstorm.news/files/id/130026 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0CVE-2012-6641
https://notcve.org/view.php?id=CVE-2012-6641
07 Apr 2014 — Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to "parameter names and values." Vulnerabilidad de XSS en redirect.php en el módulo Socolissimo (modules/socolissimo/) en PrestaShop anterior a 1.4.7.2 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores relacionados con "nombres y valores de parámetros." • http://secunia.com/advisories/48036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2012-5799
https://notcve.org/view.php?id=CVE-2012-5799
04 Nov 2012 — The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. El módulo Canada Post (alias CanadaPost) en PrestaShop no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el ... • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2012-5800
https://notcve.org/view.php?id=CVE-2012-5800
04 Nov 2012 — The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El módulo eBay en PrestaShop no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsifi... • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2012-5801
https://notcve.org/view.php?id=CVE-2012-5801
04 Nov 2012 — The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. El módulo PayPal en PrestaShop no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo... • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 2CVE-2011-4545 – Prestashop 1.4.4.1 - 'displayImage.php' HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2011-4545
02 Dec 2011 — CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter. Vulnerabilidad de inyección CRLF en admin/displayimage.php en Prestashop v1.4.4.1 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de división de respuesta HTTP a través del parámetro name. • https://www.exploit-db.com/exploits/36345 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 1%CPEs: 22EXPL: 6CVE-2011-4544 – PrestaShop 1.4.4.1 - '/admin/ajaxfilemanager/ajax_save_text.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4544
01 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition param... • https://www.exploit-db.com/exploits/36344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3796
https://notcve.org/view.php?id=CVE-2011-3796
24 Sep 2011 — PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files. PrestaShop v1.4.0.6 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con product-sort.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2008-6503 – PrestaShop 1.1 - '/admin/login.php?PATH_INFO' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-6503
20 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en PrestaShop v1.1.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de PATH_INFO en (1)admin/login.php y (2) order.php. • https://www.exploit-db.com/exploits/32647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2008-5791
https://notcve.org/view.php?id=CVE-2008-5791
31 Dec 2008 — Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components. Múltiples vulnerabilidades sin especificar en PrestaShop e-Commerce Solution anterior a v1.1 Beta 2 (también conocida como v1.1.0.1), tiene un impacto y vectores de ataque desconocidos relacionados con los módulos (1) bankwire y (2) cheque así como con otros componentes. • http://secunia.com/advisories/32486 •