CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5276 – Reflected XSS on AdminCarts page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5276
20 Apr 2020 — In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.7.1.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado en la página AdminCarts con el parámetro "cartBox". El problema es corregido en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/6838d21850e7227fb8afbf568cb0386b3dedd3ef • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5278 – Reflected XSS on Exception page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5278
20 Apr 2020 — In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.5.4.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado en la página Exception. El problema es corregido en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/ea85210d6e5d81f058b55764bc4608cdb0b36c5d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5279 – Improper Access Control for certain legacy controller in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5279
20 Apr 2020 — In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=Admin... • https://github.com/PrestaShop/PrestaShop/commit/4444fb85761667a2206874a3112ccc77f657d76a • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5264 – Reflected XSS in security compromised page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5264
20 Apr 2020 — In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5. En PrestaShop versiones anteriores a 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado mientras se ejecuta la página security compromised. Permite a cualquiera ejecutar una acción arbitraria. • https://github.com/PrestaShop/PrestaShop/commit/06b7765c91c58e09ab4f8ddafbde02070fcb6f3a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 1CVE-2020-5250 – Possible information disclosure in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5250
05 Mar 2020 — In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4. En PrestaShop versiones anteriores a 1.7.6.4, cuando un cliente edita su dirección, ellos pueden cambiar libremente el id_address en el formulario y, por lo tanto, robar la dirección de o... • https://github.com/drkbcn/lblfixer_cve2020_5250 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-13461
https://notcve.org/view.php?id=CVE-2019-13461
09 Jul 2019 — In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444. En PrestaShop versiones anteriores a 1.7.6.0 RC2, los parámetros id_address_delivery y id_address_invoice se ven afectados por una vulnerabilidad de Referencia de Objeto Directa no Segura debido a un... • https://assets.prestashop2.com/en/system/files/ps_releases/changelog_1.7.6.0-rc2.txt • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11876
https://notcve.org/view.php?id=CVE-2019-11876
24 May 2019 — In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link. En PrestaShop versión 1.7.5.2, el parámetro shop_country en el archivo install/index.php la instalación script/component se ve afectado por una vulnerabilidad Reflected XSS. la explotación por parte de un actor ma... • https://www.logicallysecure.com/blog/xss-presta-xss-drupal • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •