
CVE-2020-6632
https://notcve.org/view.php?id=CVE-2020-6632
09 Jan 2020 — In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js. • https://github.com/PrestaShop/PrestaShop/pull/17050/commits • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-13461
https://notcve.org/view.php?id=CVE-2019-13461
09 Jul 2019 — In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444. • https://assets.prestashop2.com/en/system/files/ps_releases/changelog_1.7.6.0-rc2.txt • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2019-11876
https://notcve.org/view.php?id=CVE-2019-11876
24 May 2019 — In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link. • https://www.logicallysecure.com/blog/xss-presta-xss-drupal • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')