CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-8824
https://notcve.org/view.php?id=CVE-2018-8824
10 May 2018 — modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter. modules/bamegamenu/ajax_phpcode.php en el módulo Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro 1.0.32 para PrestaShop de la versión 1.5.5.0 a la 1.7.2.5 permite que atacantes remotos ejecuten una inyección SQL mediante llamadas de función en el parámetr... • https://ia-informatica.com/it/CVE-2018-8824 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 21%CPEs: 2EXPL: 1CVE-2018-10942
https://notcve.org/view.php?id=CVE-2018-10942
10 May 2018 — modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file. modules/attributewizardpro/file_upload.php en el addon Attribute Wizard 1.6.9 para PrestaShop, de la versión 1.4.0.1 a la 1.6.1.18, permite que atacantes remotos ejecuten código arbitrario mediante la subida de un archivo .phtml. • https://ia-informatica.com/it/CVE-2018-10942 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 45%CPEs: 2EXPL: 1CVE-2018-8823
https://notcve.org/view.php?id=CVE-2018-8823
28 Mar 2018 — modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter. Modules/bamegamenu/ajax_phpcode.php en el módulo Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro 1.0.32 para PrestaShop, desde la versión 1.5.5.0 hasta la 1.7.2.5, permite que atacantes remotos ejecuten código PHP arbitrario mediante el parámetro code. • https://ia-informatica.com/it/CVE-2018-8823 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7491
https://notcve.org/view.php?id=CVE-2018-7491
26 Feb 2018 — In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors' values. En PrestaShop hasta la versión 1.7.2.5, se ha encontrado una vulnerabilidad de secuestro de clics que podría conducir a un impacto que cambia el estado en el contexto de un usuario o administrador. Esto se ... • http://forge.prestashop.com/browse/BOOM-4917 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5681
https://notcve.org/view.php?id=CVE-2018-5681
13 Jan 2018 — PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen. PrestaShop 1.7.2.4 tiene XSS mediante la edición de código fuente en la pantalla "Pages > Edit page". • http://forge.prestashop.com/browse/BOOM-4612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5682
https://notcve.org/view.php?id=CVE-2018-5682
13 Jan 2018 — PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message. PrestaShop 1.7.2.4 permite la enumeración de usuarios mediante la característica Reset Password, al notar qué intentos de restablecimiento no producen un mensaje de error "This account does not exist". • http://forge.prestashop.com/browse/BOOM-4613 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2015-1175 – Prestashop 1.6.0.9 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-1175
20 Jan 2015 — Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter. Vulnerabilidad de XSS en blocklayered-ajax.php en el módulo blocklayered en PrestaShop 1.6.0.9 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro layered_price_slider. Prestashop version 1.6.0.9 suffers from a cros... • https://packetstorm.news/files/id/130026 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0CVE-2012-6641
https://notcve.org/view.php?id=CVE-2012-6641
07 Apr 2014 — Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to "parameter names and values." Vulnerabilidad de XSS en redirect.php en el módulo Socolissimo (modules/socolissimo/) en PrestaShop anterior a 1.4.7.2 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores relacionados con "nombres y valores de parámetros." • http://secunia.com/advisories/48036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2011-4545 – Prestashop 1.4.4.1 - 'displayImage.php' HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2011-4545
02 Dec 2011 — CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter. Vulnerabilidad de inyección CRLF en admin/displayimage.php en Prestashop v1.4.4.1 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de división de respuesta HTTP a través del parámetro name. • https://www.exploit-db.com/exploits/36345 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 6CVE-2011-4544 – PrestaShop 1.4.4.1 - '/admin/ajaxfilemanager/ajax_save_text.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4544
01 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition param... • https://www.exploit-db.com/exploits/36344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •