Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/prestashop/prestashop@1.7.5.1
Typecomposer
Namespaceprestashop
Nameprestashop
Version1.7.5.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.7.6+0
Latest_non_vulnerable_version9.1.1
Affected_by_vulnerabilities
0
url VCID-2bnh-9kn6-4qcd
vulnerability_id VCID-2bnh-9kn6-4qcd
summary An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-51586
reference_id
reference_type
scores
0
value 0.0103
scoring_system epss
scoring_elements 0.77742
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-51586
1
reference_url https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/c97bdf10f77fedbe5a61a1dec5f96b3abb1d76fb
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/commit/c97bdf10f77fedbe5a61a1dec5f96b3abb1d76fb
3
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.3
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.3
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8xx5-h6m3-jr33
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8xx5-h6m3-jr33
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-51586
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-51586
6
reference_url https://prestashop.com
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://prestashop.com
7
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.1
reference_id 8.2.1
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T17:47:26Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.1
8
reference_url https://maxime-morel.github.io/advisories/2025/CVE-2025-51586.md
reference_id CVE-2025-51586.md
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T17:47:26Z/
url https://maxime-morel.github.io/advisories/2025/CVE-2025-51586.md
9
reference_url https://github.com/advisories/GHSA-8xx5-h6m3-jr33
reference_id GHSA-8xx5-h6m3-jr33
reference_type
scores
url https://github.com/advisories/GHSA-8xx5-h6m3-jr33
10
reference_url https://prestashop.com/
reference_id prestashop.com
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T17:47:26Z/
url https://prestashop.com/
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.3
purl pkg:composer/prestashop/prestashop@8.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
1
vulnerability VCID-bjh8-pmaq-rba1
2
vulnerability VCID-mesw-xwzr-7ye5
3
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.3
aliases CVE-2025-51586, GHSA-8xx5-h6m3-jr33
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bnh-9kn6-4qcd
1
url VCID-2ryb-59mf-4kcs
vulnerability_id VCID-2ryb-59mf-4kcs
summary 
Duplicate Advisory: PrestaShop Cross-site Scripting vulnerability
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-95hx-62rh-gg96. This link is maintained to preserve external references.

## Original Description
A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter in /contactform/contactform.php.
references
0
reference_url https://github.com/mustgundogdu/Research/blob/main/PrestaShop/ReflectedXSS_1.7.7.4.md
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mustgundogdu/Research/blob/main/PrestaShop/ReflectedXSS_1.7.7.4.md
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31508
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31508
2
reference_url https://github.com/advisories/GHSA-6mhc-hqr3-w466
reference_id GHSA-6mhc-hqr3-w466
reference_type
scores
url https://github.com/advisories/GHSA-6mhc-hqr3-w466
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.7.5
purl pkg:composer/prestashop/prestashop@1.7.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-98tm-6u1z-d3cz
3
vulnerability VCID-am1v-rf8j-b7ae
4
vulnerability VCID-azu3-487t-53aw
5
vulnerability VCID-bjh8-pmaq-rba1
6
vulnerability VCID-bweb-xxh2-b7df
7
vulnerability VCID-d4nk-jn4h-nfcm
8
vulnerability VCID-etd8-pjky-7qam
9
vulnerability VCID-h4mv-sgk9-skbg
10
vulnerability VCID-hkr3-rvxd-jubb
11
vulnerability VCID-jcjb-wz39-4ye2
12
vulnerability VCID-mesw-xwzr-7ye5
13
vulnerability VCID-pvev-hxcv-6qce
14
vulnerability VCID-r84m-w6vx-due5
15
vulnerability VCID-rwcm-bgj9-8fep
16
vulnerability VCID-s29x-44jz-j3af
17
vulnerability VCID-txxt-nf7w-w3gp
18
vulnerability VCID-u5mm-6rsb-xfbh
19
vulnerability VCID-urgr-erwg-rqgd
20
vulnerability VCID-uy9r-8mcd-cufw
21
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.7.5
aliases CVE-2023-31508, GHSA-6mhc-hqr3-w466
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ryb-59mf-4kcs
2
url VCID-4cjs-wwx4-k7ew
vulnerability_id VCID-4cjs-wwx4-k7ew
summary PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21628
reference_id
reference_type
scores
0
value 0.00384
scoring_system epss
scoring_elements 0.60082
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21628
1
reference_url https://github.com/PrestaShop/PrestaShop/commit/afc45b93b3cc33be0e571559d2838c6960d98856
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/commit/afc45b93b3cc33be0e571559d2838c6960d98856
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597
reference_id c3d78b7e49f5fe49a9d07725c3174d005deaa597
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T16:32:28Z/
url https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21628
reference_id CVE-2024-21628
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21628
4
reference_url https://github.com/advisories/GHSA-vr7m-r9vm-m4wf
reference_id GHSA-vr7m-r9vm-m4wf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vr7m-r9vm-m4wf
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf
reference_id GHSA-vr7m-r9vm-m4wf
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T16:32:28Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.3
purl pkg:composer/prestashop/prestashop@8.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-5f1j-3t9n-7kf7
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-cvjc-r4wd-1uah
5
vulnerability VCID-mesw-xwzr-7ye5
6
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.3
aliases CVE-2024-21628, GHSA-vr7m-r9vm-m4wf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cjs-wwx4-k7ew
3
url VCID-98tm-6u1z-d3cz
vulnerability_id VCID-98tm-6u1z-d3cz
summary PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30545
reference_id
reference_type
scores
0
value 0.00772
scoring_system epss
scoring_elements 0.74005
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30545
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30545
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30545
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/cddac4198a47c602878a787280d813f60c6c0630
reference_id cddac4198a47c602878a787280d813f60c6c0630
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:36:12Z/
url https://github.com/PrestaShop/PrestaShop/commit/cddac4198a47c602878a787280d813f60c6c0630
3
reference_url https://github.com/PrestaShop/PrestaShop/commit/d900806e1841a31f26ff0a1843a6888fc1bb7f81
reference_id d900806e1841a31f26ff0a1843a6888fc1bb7f81
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:36:12Z/
url https://github.com/PrestaShop/PrestaShop/commit/d900806e1841a31f26ff0a1843a6888fc1bb7f81
4
reference_url https://github.com/advisories/GHSA-8r4m-5p6p-52rp
reference_id GHSA-8r4m-5p6p-52rp
reference_type
scores
url https://github.com/advisories/GHSA-8r4m-5p6p-52rp
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8r4m-5p6p-52rp
reference_id GHSA-8r4m-5p6p-52rp
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:36:12Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8r4m-5p6p-52rp
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B9
purl pkg:composer/prestashop/prestashop@1.7.8%2B9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B9
1
url pkg:composer/prestashop/prestashop@1.7.8.9
purl pkg:composer/prestashop/prestashop@1.7.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.9
2
url pkg:composer/prestashop/prestashop@8.0.4
purl pkg:composer/prestashop/prestashop@8.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-etd8-pjky-7qam
7
vulnerability VCID-hkr3-rvxd-jubb
8
vulnerability VCID-jcjb-wz39-4ye2
9
vulnerability VCID-mesw-xwzr-7ye5
10
vulnerability VCID-pvev-hxcv-6qce
11
vulnerability VCID-r84m-w6vx-due5
12
vulnerability VCID-rwcm-bgj9-8fep
13
vulnerability VCID-txxt-nf7w-w3gp
14
vulnerability VCID-uy9r-8mcd-cufw
15
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.4
aliases CVE-2023-30545, GHSA-8r4m-5p6p-52rp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98tm-6u1z-d3cz
4
url VCID-am1v-rf8j-b7ae
vulnerability_id VCID-am1v-rf8j-b7ae
summary PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30838
reference_id
reference_type
scores
0
value 0.01375
scoring_system epss
scoring_elements 0.80656
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30838
1
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30838
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30838
4
reference_url https://github.com/PrestaShop/PrestaShop/commit/46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c
reference_id 46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T19:34:44Z/
url https://github.com/PrestaShop/PrestaShop/commit/46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c
5
reference_url https://github.com/PrestaShop/PrestaShop/commit/dc682192df0e4b0d656a8e645b29ca1b9dbe3693
reference_id dc682192df0e4b0d656a8e645b29ca1b9dbe3693
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T19:34:44Z/
url https://github.com/PrestaShop/PrestaShop/commit/dc682192df0e4b0d656a8e645b29ca1b9dbe3693
6
reference_url https://github.com/advisories/GHSA-fh7r-996q-gvcp
reference_id GHSA-fh7r-996q-gvcp
reference_type
scores
url https://github.com/advisories/GHSA-fh7r-996q-gvcp
7
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fh7r-996q-gvcp
reference_id GHSA-fh7r-996q-gvcp
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T19:34:44Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fh7r-996q-gvcp
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B9
purl pkg:composer/prestashop/prestashop@1.7.8%2B9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B9
1
url pkg:composer/prestashop/prestashop@8.0.0-beta.1
purl pkg:composer/prestashop/prestashop@8.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-s29x-44jz-j3af
13
vulnerability VCID-uy9r-8mcd-cufw
14
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.0-beta.1
2
url pkg:composer/prestashop/prestashop@8.0.4
purl pkg:composer/prestashop/prestashop@8.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-etd8-pjky-7qam
7
vulnerability VCID-hkr3-rvxd-jubb
8
vulnerability VCID-jcjb-wz39-4ye2
9
vulnerability VCID-mesw-xwzr-7ye5
10
vulnerability VCID-pvev-hxcv-6qce
11
vulnerability VCID-r84m-w6vx-due5
12
vulnerability VCID-rwcm-bgj9-8fep
13
vulnerability VCID-txxt-nf7w-w3gp
14
vulnerability VCID-uy9r-8mcd-cufw
15
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.4
3
url pkg:composer/prestashop/prestashop@8.1.0-beta.1
purl pkg:composer/prestashop/prestashop@8.1.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-uy9r-8mcd-cufw
13
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.0-beta.1
aliases CVE-2023-30838, GHSA-fh7r-996q-gvcp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am1v-rf8j-b7ae
5
url VCID-azu3-487t-53aw
vulnerability_id VCID-azu3-487t-53aw
summary PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The payload is stored in the database and executed when a back-office employee opens the affected customer thread, enabling session hijacking and full back-office takeover. This vulnerability is fixed in 8.2.6 and 9.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44212
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06283
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44212
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44212
reference_id CVE-2026-44212
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-44212
2
reference_url https://github.com/advisories/GHSA-w9f3-qc75-qgx9
reference_id GHSA-w9f3-qc75-qgx9
reference_type
scores
url https://github.com/advisories/GHSA-w9f3-qc75-qgx9
3
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-w9f3-qc75-qgx9
reference_id GHSA-w9f3-qc75-qgx9
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-15T13:33:59Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-w9f3-qc75-qgx9
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.6
purl pkg:composer/prestashop/prestashop@8.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.6
1
url pkg:composer/prestashop/prestashop@9.1.1
purl pkg:composer/prestashop/prestashop@9.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.1
aliases CVE-2026-44212, GHSA-w9f3-qc75-qgx9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azu3-487t-53aw
6
url VCID-bjh8-pmaq-rba1
vulnerability_id VCID-bjh8-pmaq-rba1
summary PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. This vulnerability is fixed in 8.2.4 and 9.0.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25597
reference_id
reference_type
scores
0
value 0.0007
scoring_system epss
scoring_elements 0.21646
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25597
1
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4
reference_id 8.2.4
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:22:00Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3
reference_id 9.0.3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:22:00Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25597
reference_id CVE-2026-25597
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25597
4
reference_url https://github.com/advisories/GHSA-67v7-3g49-mxh2
reference_id GHSA-67v7-3g49-mxh2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67v7-3g49-mxh2
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2
reference_id GHSA-67v7-3g49-mxh2
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:22:00Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.4
purl pkg:composer/prestashop/prestashop@8.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
1
vulnerability VCID-mesw-xwzr-7ye5
2
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.4
1
url pkg:composer/prestashop/prestashop@9.0.3
purl pkg:composer/prestashop/prestashop@9.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
1
vulnerability VCID-mesw-xwzr-7ye5
2
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.0.3
2
url pkg:composer/prestashop/prestashop@9.1.0-beta.1
purl pkg:composer/prestashop/prestashop@9.1.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
1
vulnerability VCID-mesw-xwzr-7ye5
2
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.0-beta.1
aliases CVE-2026-25597, GHSA-67v7-3g49-mxh2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjh8-pmaq-rba1
7
url VCID-bweb-xxh2-b7df
vulnerability_id VCID-bweb-xxh2-b7df
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39529
reference_id
reference_type
scores
0
value 0.0092
scoring_system epss
scoring_elements 0.76419
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39529
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39529
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39529
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/b08c647305dc1e9e6a2445b724d13a9733b6ed82
reference_id b08c647305dc1e9e6a2445b724d13a9733b6ed82
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:08Z/
url https://github.com/PrestaShop/PrestaShop/commit/b08c647305dc1e9e6a2445b724d13a9733b6ed82
3
reference_url https://github.com/advisories/GHSA-2rf5-3fw8-qm47
reference_id GHSA-2rf5-3fw8-qm47
reference_type
scores
url https://github.com/advisories/GHSA-2rf5-3fw8-qm47
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-2rf5-3fw8-qm47
reference_id GHSA-2rf5-3fw8-qm47
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:08Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-2rf5-3fw8-qm47
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39529, GHSA-2rf5-3fw8-qm47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bweb-xxh2-b7df
8
url VCID-d4nk-jn4h-nfcm
vulnerability_id VCID-d4nk-jn4h-nfcm
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39528
reference_id
reference_type
scores
0
value 0.00845
scoring_system epss
scoring_elements 0.75224
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39528
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39528
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39528
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c
reference_id 11de3a84322fa4ecd0995ac40d575db61804724c
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:14Z/
url https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c
3
reference_url https://github.com/advisories/GHSA-hpf4-v7v2-95p2
reference_id GHSA-hpf4-v7v2-95p2
reference_type
scores
url https://github.com/advisories/GHSA-hpf4-v7v2-95p2
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2
reference_id GHSA-hpf4-v7v2-95p2
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:14Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39528, GHSA-hpf4-v7v2-95p2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4nk-jn4h-nfcm
9
url VCID-etd8-pjky-7qam
vulnerability_id VCID-etd8-pjky-7qam
summary PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39526
reference_id
reference_type
scores
0
value 0.13872
scoring_system epss
scoring_elements 0.94466
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39526
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39526
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39526
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09
reference_id 817847e2347844a9b6add017581f1932bcd28c09
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:05:56Z/
url https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09
3
reference_url https://github.com/advisories/GHSA-gf46-prm4-56pc
reference_id GHSA-gf46-prm4-56pc
reference_type
scores
url https://github.com/advisories/GHSA-gf46-prm4-56pc
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc
reference_id GHSA-gf46-prm4-56pc
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:05:56Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8.10
purl pkg:composer/prestashop/prestashop@1.7.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-uy9r-8mcd-cufw
13
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.10
1
url pkg:composer/prestashop/prestashop@1.7.8%2B10
purl pkg:composer/prestashop/prestashop@1.7.8%2B10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B10
2
url pkg:composer/prestashop/prestashop@8.0.5
purl pkg:composer/prestashop/prestashop@8.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-uy9r-8mcd-cufw
13
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.5
3
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39526, GHSA-gf46-prm4-56pc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-etd8-pjky-7qam
10
url VCID-h4mv-sgk9-skbg
vulnerability_id VCID-h4mv-sgk9-skbg
summary Server Side Twig Template Injection
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21686
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66847
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21686
1
reference_url https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-21686
reference_id CVE-2022-21686
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-21686
4
reference_url https://github.com/advisories/GHSA-mrq4-7ch7-2465
reference_id GHSA-mrq4-7ch7-2465
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrq4-7ch7-2465
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
reference_id GHSA-mrq4-7ch7-2465
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B3
purl pkg:composer/prestashop/prestashop@1.7.8%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B3
1
url pkg:composer/prestashop/prestashop@1.7.8.3
purl pkg:composer/prestashop/prestashop@1.7.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-98tm-6u1z-d3cz
3
vulnerability VCID-am1v-rf8j-b7ae
4
vulnerability VCID-azu3-487t-53aw
5
vulnerability VCID-bjh8-pmaq-rba1
6
vulnerability VCID-bweb-xxh2-b7df
7
vulnerability VCID-d4nk-jn4h-nfcm
8
vulnerability VCID-hkr3-rvxd-jubb
9
vulnerability VCID-jcjb-wz39-4ye2
10
vulnerability VCID-mesw-xwzr-7ye5
11
vulnerability VCID-pvev-hxcv-6qce
12
vulnerability VCID-r84m-w6vx-due5
13
vulnerability VCID-rwcm-bgj9-8fep
14
vulnerability VCID-s29x-44jz-j3af
15
vulnerability VCID-u5mm-6rsb-xfbh
16
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.3
aliases CVE-2022-21686, GHSA-mrq4-7ch7-2465
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4mv-sgk9-skbg
11
url VCID-hkr3-rvxd-jubb
vulnerability_id VCID-hkr3-rvxd-jubb
summary PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43663
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27565
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43663
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43663
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43663
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd
reference_id ce1f67083537194e974caf86c57e547a0aaa46cd
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T17:48:09Z/
url https://github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd
3
reference_url https://github.com/advisories/GHSA-6jmf-2pfc-q9m7
reference_id GHSA-6jmf-2pfc-q9m7
reference_type
scores
url https://github.com/advisories/GHSA-6jmf-2pfc-q9m7
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7
reference_id GHSA-6jmf-2pfc-q9m7
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T17:48:09Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.2
purl pkg:composer/prestashop/prestashop@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-mesw-xwzr-7ye5
7
vulnerability VCID-r84m-w6vx-due5
8
vulnerability VCID-uy9r-8mcd-cufw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.2
aliases CVE-2023-43663, GHSA-6jmf-2pfc-q9m7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkr3-rvxd-jubb
12
url VCID-jcjb-wz39-4ye2
vulnerability_id VCID-jcjb-wz39-4ye2
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39525
reference_id
reference_type
scores
0
value 0.01304
scoring_system epss
scoring_elements 0.80178
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39525
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39525
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39525
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/c7c9a5110421bb2856f4d312ecce192d079b5ec7
reference_id c7c9a5110421bb2856f4d312ecce192d079b5ec7
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:19:54Z/
url https://github.com/PrestaShop/PrestaShop/commit/c7c9a5110421bb2856f4d312ecce192d079b5ec7
3
reference_url https://github.com/advisories/GHSA-m9r4-3fg7-pqm2
reference_id GHSA-m9r4-3fg7-pqm2
reference_type
scores
url https://github.com/advisories/GHSA-m9r4-3fg7-pqm2
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-m9r4-3fg7-pqm2
reference_id GHSA-m9r4-3fg7-pqm2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:19:54Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-m9r4-3fg7-pqm2
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39525, GHSA-m9r4-3fg7-pqm2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcjb-wz39-4ye2
13
url VCID-mesw-xwzr-7ye5
vulnerability_id VCID-mesw-xwzr-7ye5
summary PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33674
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08624
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33674
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33674
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33674
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
reference_id 8.2.5
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:44:11Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
3
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
reference_id 9.1.0
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:44:11Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
4
reference_url https://github.com/advisories/GHSA-283w-xf3q-788v
reference_id GHSA-283w-xf3q-788v
reference_type
scores
url https://github.com/advisories/GHSA-283w-xf3q-788v
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v
reference_id GHSA-283w-xf3q-788v
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:44:11Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.5
purl pkg:composer/prestashop/prestashop@8.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.5
1
url pkg:composer/prestashop/prestashop@9.1.0
purl pkg:composer/prestashop/prestashop@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.0
aliases CVE-2026-33674, GHSA-283w-xf3q-788v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mesw-xwzr-7ye5
14
url VCID-pvev-hxcv-6qce
vulnerability_id VCID-pvev-hxcv-6qce
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39530
reference_id
reference_type
scores
0
value 0.00996
scoring_system epss
scoring_elements 0.77376
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39530
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39530
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39530
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9
reference_id 6ce750b2367a7309b6bf50166f1873cb86ad57e9
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T17:33:05Z/
url https://github.com/PrestaShop/PrestaShop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9
3
reference_url https://github.com/advisories/GHSA-v4gr-v679-42p7
reference_id GHSA-v4gr-v679-42p7
reference_type
scores
url https://github.com/advisories/GHSA-v4gr-v679-42p7
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-v4gr-v679-42p7
reference_id GHSA-v4gr-v679-42p7
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T17:33:05Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-v4gr-v679-42p7
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39530, GHSA-v4gr-v679-42p7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvev-hxcv-6qce
15
url VCID-r84m-w6vx-due5
vulnerability_id VCID-r84m-w6vx-due5
summary PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33673
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04197
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33673
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33673
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33673
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
reference_id 8.2.5
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T20:27:27Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
3
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
reference_id 9.1.0
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T20:27:27Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
4
reference_url https://github.com/advisories/GHSA-35pf-37c6-jxjv
reference_id GHSA-35pf-37c6-jxjv
reference_type
scores
url https://github.com/advisories/GHSA-35pf-37c6-jxjv
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv
reference_id GHSA-35pf-37c6-jxjv
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T20:27:27Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.5
purl pkg:composer/prestashop/prestashop@8.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.5
1
url pkg:composer/prestashop/prestashop@9.1.0
purl pkg:composer/prestashop/prestashop@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.0
aliases CVE-2026-33673, GHSA-35pf-37c6-jxjv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r84m-w6vx-due5
16
url VCID-rwcm-bgj9-8fep
vulnerability_id VCID-rwcm-bgj9-8fep
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39524
reference_id
reference_type
scores
0
value 0.00432
scoring_system epss
scoring_elements 0.63136
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39524
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39524
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39524
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/2047d4c053043102bc46a37d383b392704bf14d7
reference_id 2047d4c053043102bc46a37d383b392704bf14d7
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:20:18Z/
url https://github.com/PrestaShop/PrestaShop/commit/2047d4c053043102bc46a37d383b392704bf14d7
3
reference_url https://github.com/advisories/GHSA-75p5-jwx4-qw9h
reference_id GHSA-75p5-jwx4-qw9h
reference_type
scores
url https://github.com/advisories/GHSA-75p5-jwx4-qw9h
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-75p5-jwx4-qw9h
reference_id GHSA-75p5-jwx4-qw9h
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:20:18Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-75p5-jwx4-qw9h
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39524, GHSA-75p5-jwx4-qw9h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rwcm-bgj9-8fep
17
url VCID-s29x-44jz-j3af
vulnerability_id VCID-s29x-44jz-j3af
summary PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. The problem is fixed in version 8.0.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25170
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.33501
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25170
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25170
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25170
2
reference_url https://github.com/advisories/GHSA-3g43-x7qr-96ph
reference_id GHSA-3g43-x7qr-96ph
reference_type
scores
url https://github.com/advisories/GHSA-3g43-x7qr-96ph
3
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3g43-x7qr-96ph
reference_id GHSA-3g43-x7qr-96ph
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:46Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3g43-x7qr-96ph
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.0.1
purl pkg:composer/prestashop/prestashop@8.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-98tm-6u1z-d3cz
3
vulnerability VCID-am1v-rf8j-b7ae
4
vulnerability VCID-azu3-487t-53aw
5
vulnerability VCID-bjh8-pmaq-rba1
6
vulnerability VCID-bweb-xxh2-b7df
7
vulnerability VCID-d4nk-jn4h-nfcm
8
vulnerability VCID-etd8-pjky-7qam
9
vulnerability VCID-hkr3-rvxd-jubb
10
vulnerability VCID-jcjb-wz39-4ye2
11
vulnerability VCID-mesw-xwzr-7ye5
12
vulnerability VCID-pvev-hxcv-6qce
13
vulnerability VCID-r84m-w6vx-due5
14
vulnerability VCID-rwcm-bgj9-8fep
15
vulnerability VCID-txxt-nf7w-w3gp
16
vulnerability VCID-u5mm-6rsb-xfbh
17
vulnerability VCID-uy9r-8mcd-cufw
18
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.1
aliases CVE-2023-25170, GHSA-3g43-x7qr-96ph
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s29x-44jz-j3af
18
url VCID-txxt-nf7w-w3gp
vulnerability_id VCID-txxt-nf7w-w3gp
summary PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39527
reference_id
reference_type
scores
0
value 0.01896
scoring_system epss
scoring_elements 0.83619
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39527
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39527
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39527
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/afc14f8eaa058b3e6a20ac43e033ee2656fb88b4
reference_id afc14f8eaa058b3e6a20ac43e033ee2656fb88b4
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:22Z/
url https://github.com/PrestaShop/PrestaShop/commit/afc14f8eaa058b3e6a20ac43e033ee2656fb88b4
3
reference_url https://github.com/advisories/GHSA-xw2r-f8xv-c8xp
reference_id GHSA-xw2r-f8xv-c8xp
reference_type
scores
url https://github.com/advisories/GHSA-xw2r-f8xv-c8xp
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xw2r-f8xv-c8xp
reference_id GHSA-xw2r-f8xv-c8xp
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:22Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xw2r-f8xv-c8xp
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8.10
purl pkg:composer/prestashop/prestashop@1.7.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-uy9r-8mcd-cufw
13
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.10
1
url pkg:composer/prestashop/prestashop@1.7.8%2B10
purl pkg:composer/prestashop/prestashop@1.7.8%2B10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B10
2
url pkg:composer/prestashop/prestashop@8.0.5
purl pkg:composer/prestashop/prestashop@8.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-uy9r-8mcd-cufw
13
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.5
3
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39527, GHSA-xw2r-f8xv-c8xp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-txxt-nf7w-w3gp
19
url VCID-u5mm-6rsb-xfbh
vulnerability_id VCID-u5mm-6rsb-xfbh
summary PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30839
reference_id
reference_type
scores
0
value 0.04563
scoring_system epss
scoring_elements 0.89443
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30839
1
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30839
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30839
4
reference_url https://github.com/PrestaShop/PrestaShop/commit/0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30
reference_id 0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:07:54Z/
url https://github.com/PrestaShop/PrestaShop/commit/0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30
5
reference_url https://github.com/PrestaShop/PrestaShop/commit/d1d27dc371599713c912b71bc2a455cacd7f2149
reference_id d1d27dc371599713c912b71bc2a455cacd7f2149
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:07:54Z/
url https://github.com/PrestaShop/PrestaShop/commit/d1d27dc371599713c912b71bc2a455cacd7f2149
6
reference_url https://github.com/advisories/GHSA-p379-cxqh-q822
reference_id GHSA-p379-cxqh-q822
reference_type
scores
url https://github.com/advisories/GHSA-p379-cxqh-q822
7
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-p379-cxqh-q822
reference_id GHSA-p379-cxqh-q822
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:07:54Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-p379-cxqh-q822
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B9
purl pkg:composer/prestashop/prestashop@1.7.8%2B9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B9
1
url pkg:composer/prestashop/prestashop@8.0.0-beta.1
purl pkg:composer/prestashop/prestashop@8.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-s29x-44jz-j3af
13
vulnerability VCID-uy9r-8mcd-cufw
14
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.0-beta.1
2
url pkg:composer/prestashop/prestashop@8.0.4
purl pkg:composer/prestashop/prestashop@8.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-etd8-pjky-7qam
7
vulnerability VCID-hkr3-rvxd-jubb
8
vulnerability VCID-jcjb-wz39-4ye2
9
vulnerability VCID-mesw-xwzr-7ye5
10
vulnerability VCID-pvev-hxcv-6qce
11
vulnerability VCID-r84m-w6vx-due5
12
vulnerability VCID-rwcm-bgj9-8fep
13
vulnerability VCID-txxt-nf7w-w3gp
14
vulnerability VCID-uy9r-8mcd-cufw
15
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.4
3
url pkg:composer/prestashop/prestashop@8.1.0-beta.1
purl pkg:composer/prestashop/prestashop@8.1.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-uy9r-8mcd-cufw
13
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.0-beta.1
aliases CVE-2023-30839, GHSA-p379-cxqh-q822
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5mm-6rsb-xfbh
20
url VCID-urgr-erwg-rqgd
vulnerability_id VCID-urgr-erwg-rqgd
summary SQL injection in prestashop/prestashop
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43789
reference_id
reference_type
scores
0
value 0.11673
scoring_system epss
scoring_elements 0.93835
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43789
1
reference_url https://github.com/PrestaShop/PrestaShop/commit/6482b9ddc9dcebf7588dbfd616d2d635218408d6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/commit/6482b9ddc9dcebf7588dbfd616d2d635218408d6
2
reference_url https://github.com/PrestaShop/PrestaShop/issues/26623
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/issues/26623
3
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43789
reference_id CVE-2021-43789
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43789
5
reference_url https://github.com/advisories/GHSA-6xxj-gcjq-wgf4
reference_id GHSA-6xxj-gcjq-wgf4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xxj-gcjq-wgf4
6
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4
reference_id GHSA-6xxj-gcjq-wgf4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B2
purl pkg:composer/prestashop/prestashop@1.7.8%2B2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h4mv-sgk9-skbg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B2
aliases CVE-2021-43789, GHSA-6xxj-gcjq-wgf4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urgr-erwg-rqgd
21
url VCID-uy9r-8mcd-cufw
vulnerability_id VCID-uy9r-8mcd-cufw
summary PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21627
reference_id
reference_type
scores
0
value 0.0095
scoring_system epss
scoring_elements 0.76802
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21627
1
reference_url https://github.com/PrestaShop/PrestaShop/commit/0ed1af8de500538490f88e9e794e2e8113fb8df7
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/commit/0ed1af8de500538490f88e9e794e2e8113fb8df7
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/f799dcff564cd1b7ead932ffc3343b675107dbce
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/commit/f799dcff564cd1b7ead932ffc3343b675107dbce
3
reference_url https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129
reference_id 73cfb44666818eefd501b526a894fe884dd12129
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:48:20Z/
url https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129
4
reference_url https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883
reference_id ba06d18466df5b92cb841d504cc7210121104883
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:48:20Z/
url https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21627
reference_id CVE-2024-21627
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21627
6
reference_url https://github.com/advisories/GHSA-xgpm-q3mq-46rq
reference_id GHSA-xgpm-q3mq-46rq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xgpm-q3mq-46rq
7
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq
reference_id GHSA-xgpm-q3mq-46rq
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:48:20Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B11
purl pkg:composer/prestashop/prestashop@1.7.8%2B11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B11
1
url pkg:composer/prestashop/prestashop@1.7.8.11
purl pkg:composer/prestashop/prestashop@1.7.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-mesw-xwzr-7ye5
5
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.11
2
url pkg:composer/prestashop/prestashop@8.1.3
purl pkg:composer/prestashop/prestashop@8.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-5f1j-3t9n-7kf7
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-cvjc-r4wd-1uah
5
vulnerability VCID-mesw-xwzr-7ye5
6
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.3
aliases CVE-2024-21627, GHSA-xgpm-q3mq-46rq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uy9r-8mcd-cufw
22
url VCID-wjfd-3ceu-puad
vulnerability_id VCID-wjfd-3ceu-puad
summary PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43664
reference_id
reference_type
scores
0
value 0.00239
scoring_system epss
scoring_elements 0.47243
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43664
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43664
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43664
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/15bd281c18f032a5134a8d213b44d24829d45762
reference_id 15bd281c18f032a5134a8d213b44d24829d45762
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T17:48:03Z/
url https://github.com/PrestaShop/PrestaShop/commit/15bd281c18f032a5134a8d213b44d24829d45762
3
reference_url https://github.com/advisories/GHSA-gvrg-62jp-rf7j
reference_id GHSA-gvrg-62jp-rf7j
reference_type
scores
url https://github.com/advisories/GHSA-gvrg-62jp-rf7j
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gvrg-62jp-rf7j
reference_id GHSA-gvrg-62jp-rf7j
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T17:48:03Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gvrg-62jp-rf7j
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.2
purl pkg:composer/prestashop/prestashop@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-mesw-xwzr-7ye5
7
vulnerability VCID-r84m-w6vx-due5
8
vulnerability VCID-uy9r-8mcd-cufw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.2
aliases CVE-2023-43664, GHSA-gvrg-62jp-rf7j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjfd-3ceu-puad
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.5.1