CVE-2018-5682
https://notcve.org/view.php?id=CVE-2018-5682
PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message. PrestaShop 1.7.2.4 permite la enumeración de usuarios mediante la característica Reset Password, al notar qué intentos de restablecimiento no producen un mensaje de error "This account does not exist". • http://forge.prestashop.com/browse/BOOM-4613 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-5681
https://notcve.org/view.php?id=CVE-2018-5681
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen. PrestaShop 1.7.2.4 tiene XSS mediante la edición de código fuente en la pantalla "Pages > Edit page". • http://forge.prestashop.com/browse/BOOM-4612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-1175 – Prestashop 1.6.0.9 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-1175
Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter. Vulnerabilidad de XSS en blocklayered-ajax.php en el módulo blocklayered en PrestaShop 1.6.0.9 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro layered_price_slider. Prestashop version 1.6.0.9 suffers from a cross site scripting vulnerability. • http://octogence.com/advisories/cve-2015-1175-xss-prestashop http://packetstormsecurity.com/files/130026/Prestashop-1.6.0.9-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/534511/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/100013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-6641
https://notcve.org/view.php?id=CVE-2012-6641
Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to "parameter names and values." Vulnerabilidad de XSS en redirect.php en el módulo Socolissimo (modules/socolissimo/) en PrestaShop anterior a 1.4.7.2 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores relacionados con "nombres y valores de parámetros." • http://secunia.com/advisories/48036 http://www.prestashop.com/de/entwickler-versionen/changelog/1.4.7.2 http://www.securityfocus.com/bid/52962 https://exchange.xforce.ibmcloud.com/vulnerabilities/74773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2517 – PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2517
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. Una vulnerabilidad de tipo cross-site scripting (XSS) en PrestaShop versiones anteriores a 1.4.9, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del índice del parámetro product[] en el archivo ajax.php. PrestaShop versions 1.4.7 and 1.4.8 suffer from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/37684 https://www.htbridge.com/advisory/HTB23091 https://www.prestashop.com/download/old/changelog_1.4.9.0.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •