CVE-2018-5682
https://notcve.org/view.php?id=CVE-2018-5682
PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message. PrestaShop 1.7.2.4 permite la enumeración de usuarios mediante la característica Reset Password, al notar qué intentos de restablecimiento no producen un mensaje de error "This account does not exist". • http://forge.prestashop.com/browse/BOOM-4613 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-5681
https://notcve.org/view.php?id=CVE-2018-5681
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen. PrestaShop 1.7.2.4 tiene XSS mediante la edición de código fuente en la pantalla "Pages > Edit page". • http://forge.prestashop.com/browse/BOOM-4612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-1175 – Prestashop 1.6.0.9 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-1175
Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter. Vulnerabilidad de XSS en blocklayered-ajax.php en el módulo blocklayered en PrestaShop 1.6.0.9 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro layered_price_slider. Prestashop version 1.6.0.9 suffers from a cross site scripting vulnerability. • http://octogence.com/advisories/cve-2015-1175-xss-prestashop http://packetstormsecurity.com/files/130026/Prestashop-1.6.0.9-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/534511/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/100013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •