CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15081 – Information exposure in the upload directory in PrestaShop
https://notcve.org/view.php?id=CVE-2020-15081
02 Jul 2020 — In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory. En PrestaShop desde versión 1.5.0.0 y anteriores a 1.7.6.6, se presenta una exposición de información en el directorio de carga. El problema es corregido en versión 1.7.6.6. • https://github.com/PrestaShop/PrestaShop/commit/bac9ea6936b073f84b1abd9864317af3713f1901 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-548: Exposure of Information Through Directory Listing •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5286 – Reflected XSS related in import page in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5286
20 Apr 2020 — In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.7.4.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado cuando se carga un archivo incorrecto. El problema se corrigió en la versión 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/fc0625fb0a9aab1835515f1bea52e8e063384da7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5287 – Improper access control on customers search in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5287
20 Apr 2020 — In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5. En PrestaShop entre las versiones 1.5.5.0 y 1.7.6.5, hay un control de acceso inapropiado en la búsqueda de clientes. El problema se corrigió en la versión 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/27e49d89808f1d76eb909a595f344a6739bc0b52 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5288 – Improper access control on product attributes page in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5288
20 Apr 2020 — "In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5. En PrestaShop entre las versiones 1.7.0.0 y 1.7.6.5, tiene un control de acceso inapropiado en la página de atributos del producto. El problema se corrigió en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/fc1d796dda769efdbc4d9e02ea7a11e4167338d0 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5293 – Improper access control on product page with combinations, attachments and specific prices in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5293
20 Apr 2020 — In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5. En PrestaShop entre las versiones 1.7.0.0 y 1.7.6.5, hay un control de acceso inapropiado en la página del producto con combinaciones, archivos adjuntos y precios específicos. El problema se corrigió en la versión 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/f9f442c87755908e23a6bcba8c443cdea1d78a7f • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5271 – Reflected XSS with dashboard calendar of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5271
20 Apr 2020 — In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.6.0.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado con los parámetros "date_from" y "date_to" en la página del panel de control. Este problema es corregido en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/c464518d2aaf195007a1eb055fce64a9a027e00a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5272 – Reflected XSS on Search page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5272
20 Apr 2020 — In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5 En PrestaShop entre las versiones 1.5.5.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado en la página Search con los parámetros "alias" y "search". El problema está solucionado en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/d3bf027fa37e8105fed3c809d636ebe787e43f46 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5276 – Reflected XSS on AdminCarts page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5276
20 Apr 2020 — In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.7.1.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado en la página AdminCarts con el parámetro "cartBox". El problema es corregido en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/6838d21850e7227fb8afbf568cb0386b3dedd3ef • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5278 – Reflected XSS on Exception page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5278
20 Apr 2020 — In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.5.4.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado en la página Exception. El problema es corregido en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/ea85210d6e5d81f058b55764bc4608cdb0b36c5d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5279 – Improper Access Control for certain legacy controller in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5279
20 Apr 2020 — In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=Admin... • https://github.com/PrestaShop/PrestaShop/commit/4444fb85761667a2206874a3112ccc77f657d76a • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •