Vulnerabilities in Prestashop
72 results

CVE-2023-47110 | CRITICAL | Any value can be changed in the configuration table by an employee having access to block reassurance module | EPSS 0.4%
CVE-2025-24027 | MEDIUM | ps_contactinfo has potential XSS due to usage of the nofilter tag in template | EPSS 0.4%
CVE-2023-43664 | MEDIUM | Employee without any access rights can list all installed modules in Prestashop | EPSS 0.4%
CVE-2024-21628 | MEDIUM | XSS can be stored in DB from "add a message form" in order detail page (FO) | EPSS 0.4%
CVE-2023-43663 | MEDIUM | Improper Privilege Management in Prestashop | EPSS 0.3%
CVE-2026-44212 | CRITICAL | PrestaShop: Stored XSS executable in customer service view | EPSS 0.3%
CVE-2022-45448 | LOW | Cross-site Scripting in M4 PDF plugin for Prestashop sites | EPSS 0.3%
CVE-2026-33673 | HIGH | PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables | EPSS 0.3%
CVE-2026-25597 | MEDIUM | PrestaShop has a time based enumeration in FO login form | EPSS 0.3%
CVE-2025-1230 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in Prestashop | EPSS 0.2%
CVE-2026-33674 | LOW | PrestaShop: Improper Use of Validation Framework | EPSS 0.2%
CVE-2023-25170 | MEDIUM | PrestaShop has possible CSRF token fixation | EPSS 0.2%