Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/prestashop/prestashop@1.7.8.4
Typecomposer
Namespaceprestashop
Nameprestashop
Version1.7.8.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.2.6
Latest_non_vulnerable_version9.1.1
Affected_by_vulnerabilities
0
url VCID-2bnh-9kn6-4qcd
vulnerability_id VCID-2bnh-9kn6-4qcd
summary An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-51586
reference_id
reference_type
scores
0
value 0.0103
scoring_system epss
scoring_elements 0.77742
published_at 2026-06-11T12:55:00Z
1
value 0.0103
scoring_system epss
scoring_elements 0.77824
published_at 2026-06-13T12:55:00Z
2
value 0.0103
scoring_system epss
scoring_elements 0.77811
published_at 2026-06-12T12:55:00Z
3
value 0.01198
scoring_system epss
scoring_elements 0.79373
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-51586
1
reference_url https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/c97bdf10f77fedbe5a61a1dec5f96b3abb1d76fb
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/commit/c97bdf10f77fedbe5a61a1dec5f96b3abb1d76fb
3
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.3
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.3
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8xx5-h6m3-jr33
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8xx5-h6m3-jr33
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-51586
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-51586
6
reference_url https://prestashop.com
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://prestashop.com
7
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.1
reference_id 8.2.1
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T17:47:26Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.1
8
reference_url https://maxime-morel.github.io/advisories/2025/CVE-2025-51586.md
reference_id CVE-2025-51586.md
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T17:47:26Z/
url https://maxime-morel.github.io/advisories/2025/CVE-2025-51586.md
9
reference_url https://github.com/advisories/GHSA-8xx5-h6m3-jr33
reference_id GHSA-8xx5-h6m3-jr33
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8xx5-h6m3-jr33
10
reference_url https://prestashop.com/
reference_id prestashop.com
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T17:47:26Z/
url https://prestashop.com/
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.3
purl pkg:composer/prestashop/prestashop@8.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
1
vulnerability VCID-bjh8-pmaq-rba1
2
vulnerability VCID-mesw-xwzr-7ye5
3
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.3
aliases CVE-2025-51586, GHSA-8xx5-h6m3-jr33
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bnh-9kn6-4qcd
1
url VCID-4cjs-wwx4-k7ew
vulnerability_id VCID-4cjs-wwx4-k7ew
summary PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21628
reference_id
reference_type
scores
0
value 0.00384
scoring_system epss
scoring_elements 0.60189
published_at 2026-06-12T12:55:00Z
1
value 0.00384
scoring_system epss
scoring_elements 0.60192
published_at 2026-06-14T12:55:00Z
2
value 0.00384
scoring_system epss
scoring_elements 0.602
published_at 2026-06-13T12:55:00Z
3
value 0.00384
scoring_system epss
scoring_elements 0.60082
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21628
1
reference_url https://github.com/PrestaShop/PrestaShop/commit/afc45b93b3cc33be0e571559d2838c6960d98856
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/commit/afc45b93b3cc33be0e571559d2838c6960d98856
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597
reference_id c3d78b7e49f5fe49a9d07725c3174d005deaa597
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T16:32:28Z/
url https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21628
reference_id CVE-2024-21628
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21628
4
reference_url https://github.com/advisories/GHSA-vr7m-r9vm-m4wf
reference_id GHSA-vr7m-r9vm-m4wf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vr7m-r9vm-m4wf
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf
reference_id GHSA-vr7m-r9vm-m4wf
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T16:32:28Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.3
purl pkg:composer/prestashop/prestashop@8.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-5f1j-3t9n-7kf7
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-cvjc-r4wd-1uah
5
vulnerability VCID-mesw-xwzr-7ye5
6
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.3
aliases CVE-2024-21628, GHSA-vr7m-r9vm-m4wf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cjs-wwx4-k7ew
2
url VCID-96sy-9gnx-ykbb
vulnerability_id VCID-96sy-9gnx-ykbb
summary PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31181
reference_id
reference_type
scores
0
value 0.78272
scoring_system epss
scoring_elements 0.99052
published_at 2026-06-13T12:55:00Z
1
value 0.78272
scoring_system epss
scoring_elements 0.99051
published_at 2026-06-14T12:55:00Z
2
value 0.78272
scoring_system epss
scoring_elements 0.99047
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31181
1
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7
reference_id 1.7.8.7
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:50Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804
reference_id b6d96e7c2a4e35a44e96ffbcdfd34439b56af804
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:50Z/
url https://github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31181
reference_id CVE-2022-31181
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31181
4
reference_url https://github.com/advisories/GHSA-hrgx-p36p-89q4
reference_id GHSA-hrgx-p36p-89q4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrgx-p36p-89q4
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4
reference_id GHSA-hrgx-p36p-89q4
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:50Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B7
purl pkg:composer/prestashop/prestashop@1.7.8%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B7
1
url pkg:composer/prestashop/prestashop@1.7.8.7
purl pkg:composer/prestashop/prestashop@1.7.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-98tm-6u1z-d3cz
3
vulnerability VCID-am1v-rf8j-b7ae
4
vulnerability VCID-azu3-487t-53aw
5
vulnerability VCID-bjh8-pmaq-rba1
6
vulnerability VCID-bweb-xxh2-b7df
7
vulnerability VCID-d4nk-jn4h-nfcm
8
vulnerability VCID-f3y6-j44v-pqce
9
vulnerability VCID-hkr3-rvxd-jubb
10
vulnerability VCID-jcjb-wz39-4ye2
11
vulnerability VCID-mesw-xwzr-7ye5
12
vulnerability VCID-pvev-hxcv-6qce
13
vulnerability VCID-r84m-w6vx-due5
14
vulnerability VCID-rwcm-bgj9-8fep
15
vulnerability VCID-s29x-44jz-j3af
16
vulnerability VCID-u5mm-6rsb-xfbh
17
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.7
aliases CVE-2022-31181, GHSA-hrgx-p36p-89q4, GMS-2022-3270
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96sy-9gnx-ykbb
3
url VCID-98tm-6u1z-d3cz
vulnerability_id VCID-98tm-6u1z-d3cz
summary PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30545
reference_id
reference_type
scores
0
value 0.00772
scoring_system epss
scoring_elements 0.74005
published_at 2026-06-11T12:55:00Z
1
value 0.00772
scoring_system epss
scoring_elements 0.7409
published_at 2026-06-14T12:55:00Z
2
value 0.00772
scoring_system epss
scoring_elements 0.74078
published_at 2026-06-12T12:55:00Z
3
value 0.00772
scoring_system epss
scoring_elements 0.74092
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30545
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30545
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30545
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/cddac4198a47c602878a787280d813f60c6c0630
reference_id cddac4198a47c602878a787280d813f60c6c0630
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:36:12Z/
url https://github.com/PrestaShop/PrestaShop/commit/cddac4198a47c602878a787280d813f60c6c0630
3
reference_url https://github.com/PrestaShop/PrestaShop/commit/d900806e1841a31f26ff0a1843a6888fc1bb7f81
reference_id d900806e1841a31f26ff0a1843a6888fc1bb7f81
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:36:12Z/
url https://github.com/PrestaShop/PrestaShop/commit/d900806e1841a31f26ff0a1843a6888fc1bb7f81
4
reference_url https://github.com/advisories/GHSA-8r4m-5p6p-52rp
reference_id GHSA-8r4m-5p6p-52rp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8r4m-5p6p-52rp
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8r4m-5p6p-52rp
reference_id GHSA-8r4m-5p6p-52rp
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:36:12Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8r4m-5p6p-52rp
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8.9
purl pkg:composer/prestashop/prestashop@1.7.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.9
1
url pkg:composer/prestashop/prestashop@1.7.8%2B9
purl pkg:composer/prestashop/prestashop@1.7.8%2B9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B9
2
url pkg:composer/prestashop/prestashop@8.0.4
purl pkg:composer/prestashop/prestashop@8.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-etd8-pjky-7qam
7
vulnerability VCID-hkr3-rvxd-jubb
8
vulnerability VCID-jcjb-wz39-4ye2
9
vulnerability VCID-mesw-xwzr-7ye5
10
vulnerability VCID-pvev-hxcv-6qce
11
vulnerability VCID-r84m-w6vx-due5
12
vulnerability VCID-rwcm-bgj9-8fep
13
vulnerability VCID-txxt-nf7w-w3gp
14
vulnerability VCID-uy9r-8mcd-cufw
15
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.4
aliases CVE-2023-30545, GHSA-8r4m-5p6p-52rp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98tm-6u1z-d3cz
4
url VCID-am1v-rf8j-b7ae
vulnerability_id VCID-am1v-rf8j-b7ae
summary PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30838
reference_id
reference_type
scores
0
value 0.01375
scoring_system epss
scoring_elements 0.80719
published_at 2026-06-14T12:55:00Z
1
value 0.01375
scoring_system epss
scoring_elements 0.80656
published_at 2026-06-11T12:55:00Z
2
value 0.01375
scoring_system epss
scoring_elements 0.80727
published_at 2026-06-13T12:55:00Z
3
value 0.01375
scoring_system epss
scoring_elements 0.80716
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30838
1
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30838
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30838
4
reference_url https://github.com/PrestaShop/PrestaShop/commit/46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c
reference_id 46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T19:34:44Z/
url https://github.com/PrestaShop/PrestaShop/commit/46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c
5
reference_url https://github.com/PrestaShop/PrestaShop/commit/dc682192df0e4b0d656a8e645b29ca1b9dbe3693
reference_id dc682192df0e4b0d656a8e645b29ca1b9dbe3693
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T19:34:44Z/
url https://github.com/PrestaShop/PrestaShop/commit/dc682192df0e4b0d656a8e645b29ca1b9dbe3693
6
reference_url https://github.com/advisories/GHSA-fh7r-996q-gvcp
reference_id GHSA-fh7r-996q-gvcp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh7r-996q-gvcp
7
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fh7r-996q-gvcp
reference_id GHSA-fh7r-996q-gvcp
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T19:34:44Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fh7r-996q-gvcp
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B9
purl pkg:composer/prestashop/prestashop@1.7.8%2B9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B9
1
url pkg:composer/prestashop/prestashop@8.0.0-beta.1
purl pkg:composer/prestashop/prestashop@8.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-s29x-44jz-j3af
13
vulnerability VCID-uy9r-8mcd-cufw
14
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.0-beta.1
2
url pkg:composer/prestashop/prestashop@8.0.4
purl pkg:composer/prestashop/prestashop@8.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-etd8-pjky-7qam
7
vulnerability VCID-hkr3-rvxd-jubb
8
vulnerability VCID-jcjb-wz39-4ye2
9
vulnerability VCID-mesw-xwzr-7ye5
10
vulnerability VCID-pvev-hxcv-6qce
11
vulnerability VCID-r84m-w6vx-due5
12
vulnerability VCID-rwcm-bgj9-8fep
13
vulnerability VCID-txxt-nf7w-w3gp
14
vulnerability VCID-uy9r-8mcd-cufw
15
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.4
3
url pkg:composer/prestashop/prestashop@8.1.0-beta.1
purl pkg:composer/prestashop/prestashop@8.1.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-uy9r-8mcd-cufw
13
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.0-beta.1
aliases CVE-2023-30838, GHSA-fh7r-996q-gvcp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am1v-rf8j-b7ae
5
url VCID-azu3-487t-53aw
vulnerability_id VCID-azu3-487t-53aw
summary PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The payload is stored in the database and executed when a back-office employee opens the affected customer thread, enabling session hijacking and full back-office takeover. This vulnerability is fixed in 8.2.6 and 9.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44212
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06273
published_at 2026-06-14T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06283
published_at 2026-06-11T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06292
published_at 2026-06-13T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.06303
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44212
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44212
reference_id CVE-2026-44212
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-44212
2
reference_url https://github.com/advisories/GHSA-w9f3-qc75-qgx9
reference_id GHSA-w9f3-qc75-qgx9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9f3-qc75-qgx9
3
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-w9f3-qc75-qgx9
reference_id GHSA-w9f3-qc75-qgx9
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-15T13:33:59Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-w9f3-qc75-qgx9
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.6
purl pkg:composer/prestashop/prestashop@8.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.6
1
url pkg:composer/prestashop/prestashop@9.1.1
purl pkg:composer/prestashop/prestashop@9.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.1
aliases CVE-2026-44212, GHSA-w9f3-qc75-qgx9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azu3-487t-53aw
6
url VCID-bjh8-pmaq-rba1
vulnerability_id VCID-bjh8-pmaq-rba1
summary PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. This vulnerability is fixed in 8.2.4 and 9.0.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25597
reference_id
reference_type
scores
0
value 0.0007
scoring_system epss
scoring_elements 0.2182
published_at 2026-06-14T12:55:00Z
1
value 0.0007
scoring_system epss
scoring_elements 0.21846
published_at 2026-06-13T12:55:00Z
2
value 0.0007
scoring_system epss
scoring_elements 0.21834
published_at 2026-06-12T12:55:00Z
3
value 0.0007
scoring_system epss
scoring_elements 0.21646
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25597
1
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4
reference_id 8.2.4
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:22:00Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3
reference_id 9.0.3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:22:00Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25597
reference_id CVE-2026-25597
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25597
4
reference_url https://github.com/advisories/GHSA-67v7-3g49-mxh2
reference_id GHSA-67v7-3g49-mxh2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67v7-3g49-mxh2
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2
reference_id GHSA-67v7-3g49-mxh2
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:22:00Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.4
purl pkg:composer/prestashop/prestashop@8.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
1
vulnerability VCID-mesw-xwzr-7ye5
2
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.4
1
url pkg:composer/prestashop/prestashop@9.0.3
purl pkg:composer/prestashop/prestashop@9.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
1
vulnerability VCID-mesw-xwzr-7ye5
2
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.0.3
2
url pkg:composer/prestashop/prestashop@9.1.0-beta.1
purl pkg:composer/prestashop/prestashop@9.1.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
1
vulnerability VCID-mesw-xwzr-7ye5
2
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.0-beta.1
aliases CVE-2026-25597, GHSA-67v7-3g49-mxh2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjh8-pmaq-rba1
7
url VCID-bweb-xxh2-b7df
vulnerability_id VCID-bweb-xxh2-b7df
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39529
reference_id
reference_type
scores
0
value 0.0092
scoring_system epss
scoring_elements 0.76498
published_at 2026-06-14T12:55:00Z
1
value 0.0092
scoring_system epss
scoring_elements 0.76488
published_at 2026-06-12T12:55:00Z
2
value 0.0092
scoring_system epss
scoring_elements 0.76419
published_at 2026-06-11T12:55:00Z
3
value 0.0092
scoring_system epss
scoring_elements 0.76503
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39529
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39529
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39529
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/b08c647305dc1e9e6a2445b724d13a9733b6ed82
reference_id b08c647305dc1e9e6a2445b724d13a9733b6ed82
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:08Z/
url https://github.com/PrestaShop/PrestaShop/commit/b08c647305dc1e9e6a2445b724d13a9733b6ed82
3
reference_url https://github.com/advisories/GHSA-2rf5-3fw8-qm47
reference_id GHSA-2rf5-3fw8-qm47
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rf5-3fw8-qm47
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-2rf5-3fw8-qm47
reference_id GHSA-2rf5-3fw8-qm47
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:08Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-2rf5-3fw8-qm47
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39529, GHSA-2rf5-3fw8-qm47
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bweb-xxh2-b7df
8
url VCID-d4nk-jn4h-nfcm
vulnerability_id VCID-d4nk-jn4h-nfcm
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39528
reference_id
reference_type
scores
0
value 0.00845
scoring_system epss
scoring_elements 0.75309
published_at 2026-06-13T12:55:00Z
1
value 0.00845
scoring_system epss
scoring_elements 0.75304
published_at 2026-06-14T12:55:00Z
2
value 0.00845
scoring_system epss
scoring_elements 0.75295
published_at 2026-06-12T12:55:00Z
3
value 0.00845
scoring_system epss
scoring_elements 0.75224
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39528
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39528
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39528
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c
reference_id 11de3a84322fa4ecd0995ac40d575db61804724c
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:14Z/
url https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c
3
reference_url https://github.com/advisories/GHSA-hpf4-v7v2-95p2
reference_id GHSA-hpf4-v7v2-95p2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hpf4-v7v2-95p2
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2
reference_id GHSA-hpf4-v7v2-95p2
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:14Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39528, GHSA-hpf4-v7v2-95p2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4nk-jn4h-nfcm
9
url VCID-f3y6-j44v-pqce
vulnerability_id VCID-f3y6-j44v-pqce
summary PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-46158
reference_id
reference_type
scores
0
value 0.00074
scoring_system epss
scoring_elements 0.22599
published_at 2026-06-12T12:55:00Z
1
value 0.00074
scoring_system epss
scoring_elements 0.22594
published_at 2026-06-14T12:55:00Z
2
value 0.00074
scoring_system epss
scoring_elements 0.22612
published_at 2026-06-13T12:55:00Z
3
value 0.00074
scoring_system epss
scoring_elements 0.22403
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-46158
1
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.8
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/8684d429fb7c3bb51efb098e8b92a1fd2958f8cf
reference_id 8684d429fb7c3bb51efb098e8b92a1fd2958f8cf
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:47:57Z/
url https://github.com/PrestaShop/PrestaShop/commit/8684d429fb7c3bb51efb098e8b92a1fd2958f8cf
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-46158
reference_id CVE-2022-46158
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-46158
4
reference_url https://github.com/advisories/GHSA-9qgp-9wwc-v29r
reference_id GHSA-9qgp-9wwc-v29r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9qgp-9wwc-v29r
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-9qgp-9wwc-v29r
reference_id GHSA-9qgp-9wwc-v29r
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:47:57Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-9qgp-9wwc-v29r
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8.8
purl pkg:composer/prestashop/prestashop@1.7.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-98tm-6u1z-d3cz
3
vulnerability VCID-am1v-rf8j-b7ae
4
vulnerability VCID-azu3-487t-53aw
5
vulnerability VCID-bjh8-pmaq-rba1
6
vulnerability VCID-bweb-xxh2-b7df
7
vulnerability VCID-d4nk-jn4h-nfcm
8
vulnerability VCID-hkr3-rvxd-jubb
9
vulnerability VCID-jcjb-wz39-4ye2
10
vulnerability VCID-mesw-xwzr-7ye5
11
vulnerability VCID-pvev-hxcv-6qce
12
vulnerability VCID-r84m-w6vx-due5
13
vulnerability VCID-rwcm-bgj9-8fep
14
vulnerability VCID-s29x-44jz-j3af
15
vulnerability VCID-u5mm-6rsb-xfbh
16
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.8
1
url pkg:composer/prestashop/prestashop@1.7.8%2B8
purl pkg:composer/prestashop/prestashop@1.7.8%2B8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B8
aliases CVE-2022-46158, GHSA-9qgp-9wwc-v29r, GMS-2022-8006
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f3y6-j44v-pqce
10
url VCID-hkr3-rvxd-jubb
vulnerability_id VCID-hkr3-rvxd-jubb
summary PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43663
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27767
published_at 2026-06-12T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.27782
published_at 2026-06-14T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.27565
published_at 2026-06-11T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.27792
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43663
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43663
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43663
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd
reference_id ce1f67083537194e974caf86c57e547a0aaa46cd
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T17:48:09Z/
url https://github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd
3
reference_url https://github.com/advisories/GHSA-6jmf-2pfc-q9m7
reference_id GHSA-6jmf-2pfc-q9m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6jmf-2pfc-q9m7
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7
reference_id GHSA-6jmf-2pfc-q9m7
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T17:48:09Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.2
purl pkg:composer/prestashop/prestashop@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-mesw-xwzr-7ye5
7
vulnerability VCID-r84m-w6vx-due5
8
vulnerability VCID-uy9r-8mcd-cufw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.2
aliases CVE-2023-43663, GHSA-6jmf-2pfc-q9m7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkr3-rvxd-jubb
11
url VCID-jcjb-wz39-4ye2
vulnerability_id VCID-jcjb-wz39-4ye2
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39525
reference_id
reference_type
scores
0
value 0.01304
scoring_system epss
scoring_elements 0.80248
published_at 2026-06-14T12:55:00Z
1
value 0.01304
scoring_system epss
scoring_elements 0.80239
published_at 2026-06-12T12:55:00Z
2
value 0.01304
scoring_system epss
scoring_elements 0.80178
published_at 2026-06-11T12:55:00Z
3
value 0.01304
scoring_system epss
scoring_elements 0.80256
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39525
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39525
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39525
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/c7c9a5110421bb2856f4d312ecce192d079b5ec7
reference_id c7c9a5110421bb2856f4d312ecce192d079b5ec7
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:19:54Z/
url https://github.com/PrestaShop/PrestaShop/commit/c7c9a5110421bb2856f4d312ecce192d079b5ec7
3
reference_url https://github.com/advisories/GHSA-m9r4-3fg7-pqm2
reference_id GHSA-m9r4-3fg7-pqm2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9r4-3fg7-pqm2
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-m9r4-3fg7-pqm2
reference_id GHSA-m9r4-3fg7-pqm2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:19:54Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-m9r4-3fg7-pqm2
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39525, GHSA-m9r4-3fg7-pqm2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcjb-wz39-4ye2
12
url VCID-mesw-xwzr-7ye5
vulnerability_id VCID-mesw-xwzr-7ye5
summary PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33674
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.0867
published_at 2026-06-13T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08624
published_at 2026-06-11T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.08665
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33674
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33674
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33674
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
reference_id 8.2.5
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:44:11Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
3
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
reference_id 9.1.0
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:44:11Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
4
reference_url https://github.com/advisories/GHSA-283w-xf3q-788v
reference_id GHSA-283w-xf3q-788v
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-283w-xf3q-788v
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v
reference_id GHSA-283w-xf3q-788v
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
2
value LOW
scoring_system cvssv3.1_qr
scoring_elements
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:44:11Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.5
purl pkg:composer/prestashop/prestashop@8.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.5
1
url pkg:composer/prestashop/prestashop@9.1.0
purl pkg:composer/prestashop/prestashop@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.0
aliases CVE-2026-33674, GHSA-283w-xf3q-788v
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mesw-xwzr-7ye5
13
url VCID-pvev-hxcv-6qce
vulnerability_id VCID-pvev-hxcv-6qce
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39530
reference_id
reference_type
scores
0
value 0.00996
scoring_system epss
scoring_elements 0.77461
published_at 2026-06-13T12:55:00Z
1
value 0.00996
scoring_system epss
scoring_elements 0.77452
published_at 2026-06-14T12:55:00Z
2
value 0.00996
scoring_system epss
scoring_elements 0.77446
published_at 2026-06-12T12:55:00Z
3
value 0.00996
scoring_system epss
scoring_elements 0.77376
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39530
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39530
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39530
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9
reference_id 6ce750b2367a7309b6bf50166f1873cb86ad57e9
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T17:33:05Z/
url https://github.com/PrestaShop/PrestaShop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9
3
reference_url https://github.com/advisories/GHSA-v4gr-v679-42p7
reference_id GHSA-v4gr-v679-42p7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v4gr-v679-42p7
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-v4gr-v679-42p7
reference_id GHSA-v4gr-v679-42p7
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T17:33:05Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-v4gr-v679-42p7
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39530, GHSA-v4gr-v679-42p7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvev-hxcv-6qce
14
url VCID-r84m-w6vx-due5
vulnerability_id VCID-r84m-w6vx-due5
summary PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33673
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04197
published_at 2026-06-11T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04201
published_at 2026-06-14T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.0421
published_at 2026-06-12T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04198
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33673
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33673
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33673
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
reference_id 8.2.5
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T20:27:27Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
3
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
reference_id 9.1.0
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T20:27:27Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
4
reference_url https://github.com/advisories/GHSA-35pf-37c6-jxjv
reference_id GHSA-35pf-37c6-jxjv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35pf-37c6-jxjv
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv
reference_id GHSA-35pf-37c6-jxjv
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T20:27:27Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.5
purl pkg:composer/prestashop/prestashop@8.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.5
1
url pkg:composer/prestashop/prestashop@9.1.0
purl pkg:composer/prestashop/prestashop@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.0
aliases CVE-2026-33673, GHSA-35pf-37c6-jxjv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r84m-w6vx-due5
15
url VCID-rwcm-bgj9-8fep
vulnerability_id VCID-rwcm-bgj9-8fep
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39524
reference_id
reference_type
scores
0
value 0.00432
scoring_system epss
scoring_elements 0.63249
published_at 2026-06-13T12:55:00Z
1
value 0.00432
scoring_system epss
scoring_elements 0.63246
published_at 2026-06-14T12:55:00Z
2
value 0.00432
scoring_system epss
scoring_elements 0.63237
published_at 2026-06-12T12:55:00Z
3
value 0.00432
scoring_system epss
scoring_elements 0.63136
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39524
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39524
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39524
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/2047d4c053043102bc46a37d383b392704bf14d7
reference_id 2047d4c053043102bc46a37d383b392704bf14d7
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:20:18Z/
url https://github.com/PrestaShop/PrestaShop/commit/2047d4c053043102bc46a37d383b392704bf14d7
3
reference_url https://github.com/advisories/GHSA-75p5-jwx4-qw9h
reference_id GHSA-75p5-jwx4-qw9h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-75p5-jwx4-qw9h
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-75p5-jwx4-qw9h
reference_id GHSA-75p5-jwx4-qw9h
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:20:18Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-75p5-jwx4-qw9h
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39524, GHSA-75p5-jwx4-qw9h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rwcm-bgj9-8fep
16
url VCID-s29x-44jz-j3af
vulnerability_id VCID-s29x-44jz-j3af
summary PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. The problem is fixed in version 8.0.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25170
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.33677
published_at 2026-06-14T12:55:00Z
1
value 0.00137
scoring_system epss
scoring_elements 0.33501
published_at 2026-06-11T12:55:00Z
2
value 0.00137
scoring_system epss
scoring_elements 0.33703
published_at 2026-06-13T12:55:00Z
3
value 0.00137
scoring_system epss
scoring_elements 0.33681
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25170
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25170
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25170
2
reference_url https://github.com/advisories/GHSA-3g43-x7qr-96ph
reference_id GHSA-3g43-x7qr-96ph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3g43-x7qr-96ph
3
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3g43-x7qr-96ph
reference_id GHSA-3g43-x7qr-96ph
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:46Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3g43-x7qr-96ph
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.0.1
purl pkg:composer/prestashop/prestashop@8.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-98tm-6u1z-d3cz
3
vulnerability VCID-am1v-rf8j-b7ae
4
vulnerability VCID-azu3-487t-53aw
5
vulnerability VCID-bjh8-pmaq-rba1
6
vulnerability VCID-bweb-xxh2-b7df
7
vulnerability VCID-d4nk-jn4h-nfcm
8
vulnerability VCID-etd8-pjky-7qam
9
vulnerability VCID-hkr3-rvxd-jubb
10
vulnerability VCID-jcjb-wz39-4ye2
11
vulnerability VCID-mesw-xwzr-7ye5
12
vulnerability VCID-pvev-hxcv-6qce
13
vulnerability VCID-r84m-w6vx-due5
14
vulnerability VCID-rwcm-bgj9-8fep
15
vulnerability VCID-txxt-nf7w-w3gp
16
vulnerability VCID-u5mm-6rsb-xfbh
17
vulnerability VCID-uy9r-8mcd-cufw
18
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.1
aliases CVE-2023-25170, GHSA-3g43-x7qr-96ph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s29x-44jz-j3af
17
url VCID-u5mm-6rsb-xfbh
vulnerability_id VCID-u5mm-6rsb-xfbh
summary PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30839
reference_id
reference_type
scores
0
value 0.04563
scoring_system epss
scoring_elements 0.89484
published_at 2026-06-14T12:55:00Z
1
value 0.04563
scoring_system epss
scoring_elements 0.89443
published_at 2026-06-11T12:55:00Z
2
value 0.04563
scoring_system epss
scoring_elements 0.89486
published_at 2026-06-13T12:55:00Z
3
value 0.04563
scoring_system epss
scoring_elements 0.89478
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30839
1
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30839
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30839
4
reference_url https://github.com/PrestaShop/PrestaShop/commit/0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30
reference_id 0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:07:54Z/
url https://github.com/PrestaShop/PrestaShop/commit/0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30
5
reference_url https://github.com/PrestaShop/PrestaShop/commit/d1d27dc371599713c912b71bc2a455cacd7f2149
reference_id d1d27dc371599713c912b71bc2a455cacd7f2149
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:07:54Z/
url https://github.com/PrestaShop/PrestaShop/commit/d1d27dc371599713c912b71bc2a455cacd7f2149
6
reference_url https://github.com/advisories/GHSA-p379-cxqh-q822
reference_id GHSA-p379-cxqh-q822
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p379-cxqh-q822
7
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-p379-cxqh-q822
reference_id GHSA-p379-cxqh-q822
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:07:54Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-p379-cxqh-q822
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B9
purl pkg:composer/prestashop/prestashop@1.7.8%2B9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B9
1
url pkg:composer/prestashop/prestashop@8.0.0-beta.1
purl pkg:composer/prestashop/prestashop@8.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-s29x-44jz-j3af
13
vulnerability VCID-uy9r-8mcd-cufw
14
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.0-beta.1
2
url pkg:composer/prestashop/prestashop@8.0.4
purl pkg:composer/prestashop/prestashop@8.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-etd8-pjky-7qam
7
vulnerability VCID-hkr3-rvxd-jubb
8
vulnerability VCID-jcjb-wz39-4ye2
9
vulnerability VCID-mesw-xwzr-7ye5
10
vulnerability VCID-pvev-hxcv-6qce
11
vulnerability VCID-r84m-w6vx-due5
12
vulnerability VCID-rwcm-bgj9-8fep
13
vulnerability VCID-txxt-nf7w-w3gp
14
vulnerability VCID-uy9r-8mcd-cufw
15
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.4
3
url pkg:composer/prestashop/prestashop@8.1.0-beta.1
purl pkg:composer/prestashop/prestashop@8.1.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-uy9r-8mcd-cufw
13
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.0-beta.1
aliases CVE-2023-30839, GHSA-p379-cxqh-q822
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5mm-6rsb-xfbh
18
url VCID-wjfd-3ceu-puad
vulnerability_id VCID-wjfd-3ceu-puad
summary PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43664
reference_id
reference_type
scores
0
value 0.00239
scoring_system epss
scoring_elements 0.47399
published_at 2026-06-13T12:55:00Z
1
value 0.00239
scoring_system epss
scoring_elements 0.47381
published_at 2026-06-14T12:55:00Z
2
value 0.00239
scoring_system epss
scoring_elements 0.47385
published_at 2026-06-12T12:55:00Z
3
value 0.00239
scoring_system epss
scoring_elements 0.47243
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43664
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43664
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43664
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/15bd281c18f032a5134a8d213b44d24829d45762
reference_id 15bd281c18f032a5134a8d213b44d24829d45762
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T17:48:03Z/
url https://github.com/PrestaShop/PrestaShop/commit/15bd281c18f032a5134a8d213b44d24829d45762
3
reference_url https://github.com/advisories/GHSA-gvrg-62jp-rf7j
reference_id GHSA-gvrg-62jp-rf7j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvrg-62jp-rf7j
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gvrg-62jp-rf7j
reference_id GHSA-gvrg-62jp-rf7j
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T17:48:03Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gvrg-62jp-rf7j
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.2
purl pkg:composer/prestashop/prestashop@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-mesw-xwzr-7ye5
7
vulnerability VCID-r84m-w6vx-due5
8
vulnerability VCID-uy9r-8mcd-cufw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.2
aliases CVE-2023-43664, GHSA-gvrg-62jp-rf7j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjfd-3ceu-puad
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.4