Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/prestashop/prestashop@1.7.8.11

Type composer

Namespace prestashop

Name prestashop

Version 1.7.8.11

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.2.4

Latest_non_vulnerable_version 9.1.0

Affected_by_vulnerabilities

url VCID-1trs-ajxn-jkhk

vulnerability_id VCID-1trs-ajxn-jkhk

summary

Presta Shop vulnerable to email enumeration
### Impact
An unauthenticated attacker with access to the back-office URL can manipulate the id_employee and reset_token parameters to enumerate valid back-office employee email addresses.

Impacted parties:
Store administrators and employees: their email addresses are exposed.
Merchants: risk of phishing, social engineering, and brute-force attacks targeting admin accounts.

### Patches
PrestaShop 8.2.3

### Workarounds
You must upgrade, or at least apply the changes from the PrestaShop 8.2.3 patch. More information: https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release/

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-51586

reference_id

reference_type

scores

value	0.00765
scoring_system	epss
scoring_elements	0.73399
published_at	2026-04-02T12:55:00Z

value	0.00765
scoring_system	epss
scoring_elements	0.7344
published_at	2026-04-13T12:55:00Z

value	0.00765
scoring_system	epss
scoring_elements	0.73448
published_at	2026-04-12T12:55:00Z

value	0.00765
scoring_system	epss
scoring_elements	0.73468
published_at	2026-04-11T12:55:00Z

value	0.00765
scoring_system	epss
scoring_elements	0.73444
published_at	2026-04-09T12:55:00Z

value	0.00765
scoring_system	epss
scoring_elements	0.73431
published_at	2026-04-08T12:55:00Z

value	0.00765
scoring_system	epss
scoring_elements	0.73394
published_at	2026-04-07T12:55:00Z

value	0.00765
scoring_system	epss
scoring_elements	0.73422
published_at	2026-04-04T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76677
published_at	2026-04-21T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76684
published_at	2026-04-16T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76688
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-51586

reference_url

https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release

reference_url

https://github.com/PrestaShop/PrestaShop

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrestaShop/PrestaShop

reference_url

https://github.com/PrestaShop/PrestaShop/commit/c97bdf10f77fedbe5a61a1dec5f96b3abb1d76fb

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrestaShop/PrestaShop/commit/c97bdf10f77fedbe5a61a1dec5f96b3abb1d76fb

reference_url

https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.1

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T17:47:26Z/

url

https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.1

reference_url

https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.3

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.3

reference_url

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8xx5-h6m3-jr33

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8xx5-h6m3-jr33

reference_url

https://maxime-morel.github.io/advisories/2025/CVE-2025-51586.md

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T17:47:26Z/

url

https://maxime-morel.github.io/advisories/2025/CVE-2025-51586.md

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-51586

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-51586

reference_url

https://prestashop.com

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://prestashop.com

reference_url

https://github.com/advisories/GHSA-8xx5-h6m3-jr33

reference_id

GHSA-8xx5-h6m3-jr33

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8xx5-h6m3-jr33

reference_url

https://prestashop.com/

reference_id

prestashop.com

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T17:47:26Z/

url

https://prestashop.com/

fixed_packages

url pkg:composer/prestashop/prestashop@8.2.3

purl pkg:composer/prestashop/prestashop@8.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cf1h-m5xj-mfc5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.3

aliases CVE-2025-51586, GHSA-8xx5-h6m3-jr33

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1trs-ajxn-jkhk

url VCID-cf1h-m5xj-mfc5

vulnerability_id VCID-cf1h-m5xj-mfc5

summary

PrestaShop affected by time based enumeration in FO login form
### Impact
A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times.

### Patches
8.2.4 and 9.0.3

### Workarounds
none

### References
Found by Lam Yiu Tung

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25597

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.18836
published_at	2026-04-18T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18824
published_at	2026-04-16T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18852
published_at	2026-04-21T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23209
published_at	2026-04-02T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23043
published_at	2026-04-07T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23253
published_at	2026-04-04T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23094
published_at	2026-04-13T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23152
published_at	2026-04-12T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.2319
published_at	2026-04-11T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23169
published_at	2026-04-09T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23116
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25597

reference_url

https://github.com/PrestaShop/PrestaShop

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrestaShop/PrestaShop

reference_url

https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:22:00Z/

url

https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4

reference_url

https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:22:00Z/

url

https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3

reference_url

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:22:00Z/

url

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25597

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25597

reference_url

https://github.com/advisories/GHSA-67v7-3g49-mxh2

reference_id

GHSA-67v7-3g49-mxh2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-67v7-3g49-mxh2

fixed_packages

url	pkg:composer/prestashop/prestashop@8.2.4
purl	pkg:composer/prestashop/prestashop@8.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.4

url	pkg:composer/prestashop/prestashop@9.0.3
purl	pkg:composer/prestashop/prestashop@9.0.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.0.3

url	pkg:composer/prestashop/prestashop@9.1.0-beta.1
purl	pkg:composer/prestashop/prestashop@9.1.0-beta.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.0-beta.1

aliases CVE-2026-25597, GHSA-67v7-3g49-mxh2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cf1h-m5xj-mfc5

url VCID-f4m9-pgg8-nqa3

vulnerability_id VCID-f4m9-pgg8-nqa3

summary

PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
### Impact
The isCleanHtml method is not used on this this form, which makes it possible to store an xss in DB.
The impact is low because the html is not interpreted in BO, thanks to twig's escape mechanism.
In FO, the xss is effective, but only impacts the customer sending it, or the customer session from which it was sent.

Be careful if you have a module fetching these messages from the DB and displaying it without escaping html.

### Patches
8.1.x

### Reporter
Reported by Rona Febriana (linkedin: https://www.linkedin.com/in/rona-febriana/)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-21628

reference_id

reference_type

scores

value	0.00384
scoring_system	epss
scoring_elements	0.59702
published_at	2026-04-11T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59691
published_at	2026-04-21T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59707
published_at	2026-04-18T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59699
published_at	2026-04-16T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59666
published_at	2026-04-13T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59685
published_at	2026-04-12T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59624
published_at	2026-04-02T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59649
published_at	2026-04-04T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59619
published_at	2026-04-07T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.5967
published_at	2026-04-08T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59683
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-21628

reference_url

https://github.com/PrestaShop/PrestaShop

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrestaShop/PrestaShop

reference_url

https://github.com/PrestaShop/PrestaShop/commit/afc45b93b3cc33be0e571559d2838c6960d98856

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrestaShop/PrestaShop/commit/afc45b93b3cc33be0e571559d2838c6960d98856

reference_url

https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T16:32:28Z/

url

https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597

reference_url

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T16:32:28Z/

url

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-21628

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-21628

reference_url

https://github.com/advisories/GHSA-vr7m-r9vm-m4wf

reference_id

GHSA-vr7m-r9vm-m4wf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vr7m-r9vm-m4wf

fixed_packages

url pkg:composer/prestashop/prestashop@8.1.3

purl pkg:composer/prestashop/prestashop@8.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1trs-ajxn-jkhk

vulnerability	VCID-5s8z-4eqn-p7h7

vulnerability	VCID-cf1h-m5xj-mfc5

vulnerability	VCID-ws23-cmum-kyh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.3

aliases CVE-2024-21628, GHSA-vr7m-r9vm-m4wf

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4m9-pgg8-nqa3

Fixing_vulnerabilities

url VCID-fkcb-5u24-wqbg

vulnerability_id VCID-fkcb-5u24-wqbg

summary

PrestaShop some attribute not escaped in Validate::isCleanHTML method
### Description
Some event attributes are not detected by the isCleanHTML method

### Impact
Some modules using the isCleanHTML method could be vulnerable to xss

### Patches
8.1.3, 1.7.8.11

### Workarounds
The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`.

### Reporters

Reported by Antonio Russo (@Antonio-R1 on GitHub) and Antonio Rocco Spataro (@antoniospataro on GitHub).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-21627

reference_id

reference_type

scores

value	0.0095
scoring_system	epss
scoring_elements	0.76311
published_at	2026-04-02T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76397
published_at	2026-04-21T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76413
published_at	2026-04-18T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76406
published_at	2026-04-16T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76366
published_at	2026-04-13T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76371
published_at	2026-04-12T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76393
published_at	2026-04-11T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76367
published_at	2026-04-09T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76354
published_at	2026-04-08T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76321
published_at	2026-04-07T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76341
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-21627

reference_url

https://github.com/PrestaShop/PrestaShop

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrestaShop/PrestaShop

reference_url

https://github.com/PrestaShop/PrestaShop/commit/0ed1af8de500538490f88e9e794e2e8113fb8df7

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrestaShop/PrestaShop/commit/0ed1af8de500538490f88e9e794e2e8113fb8df7

reference_url

https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:48:20Z/

url

https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129

reference_url

https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:48:20Z/

url

https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883

reference_url

https://github.com/PrestaShop/PrestaShop/commit/f799dcff564cd1b7ead932ffc3343b675107dbce

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrestaShop/PrestaShop/commit/f799dcff564cd1b7ead932ffc3343b675107dbce

reference_url

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:48:20Z/

url

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-21627

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-21627

reference_url

https://github.com/advisories/GHSA-xgpm-q3mq-46rq

reference_id

GHSA-xgpm-q3mq-46rq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xgpm-q3mq-46rq

fixed_packages

url	pkg:composer/prestashop/prestashop@1.7.8%2B11
purl	pkg:composer/prestashop/prestashop@1.7.8%2B11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B11

url pkg:composer/prestashop/prestashop@1.7.8.11

purl pkg:composer/prestashop/prestashop@1.7.8.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1trs-ajxn-jkhk

vulnerability	VCID-cf1h-m5xj-mfc5

vulnerability	VCID-f4m9-pgg8-nqa3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.11

url pkg:composer/prestashop/prestashop@8.1.3

purl pkg:composer/prestashop/prestashop@8.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1trs-ajxn-jkhk

vulnerability	VCID-5s8z-4eqn-p7h7

vulnerability	VCID-cf1h-m5xj-mfc5

vulnerability	VCID-ws23-cmum-kyh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.3

aliases CVE-2024-21627, GHSA-xgpm-q3mq-46rq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fkcb-5u24-wqbg

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.11

Package Instance