CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7491
https://notcve.org/view.php?id=CVE-2018-7491
26 Feb 2018 — In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors' values. En PrestaShop hasta la versión 1.7.2.5, se ha encontrado una vulnerabilidad de secuestro de clics que podría conducir a un impacto que cambia el estado en el contexto de un usuario o administrador. Esto se ... • http://forge.prestashop.com/browse/BOOM-4917 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5681
https://notcve.org/view.php?id=CVE-2018-5681
13 Jan 2018 — PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen. PrestaShop 1.7.2.4 tiene XSS mediante la edición de código fuente en la pantalla "Pages > Edit page". • http://forge.prestashop.com/browse/BOOM-4612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5682
https://notcve.org/view.php?id=CVE-2018-5682
13 Jan 2018 — PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message. PrestaShop 1.7.2.4 permite la enumeración de usuarios mediante la característica Reset Password, al notar qué intentos de restablecimiento no producen un mensaje de error "This account does not exist". • http://forge.prestashop.com/browse/BOOM-4613 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2015-1175 – Prestashop 1.6.0.9 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-1175
20 Jan 2015 — Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter. Vulnerabilidad de XSS en blocklayered-ajax.php en el módulo blocklayered en PrestaShop 1.6.0.9 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro layered_price_slider. Prestashop version 1.6.0.9 suffers from a cros... • https://packetstorm.news/files/id/130026 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •