Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/prestashop/prestashop@1.7.8.8
Typecomposer
Namespaceprestashop
Nameprestashop
Version1.7.8.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.2.6
Latest_non_vulnerable_version9.1.1
Affected_by_vulnerabilities
0
url VCID-2bnh-9kn6-4qcd
vulnerability_id VCID-2bnh-9kn6-4qcd
summary An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-51586
reference_id
reference_type
scores
0
value 0.0103
scoring_system epss
scoring_elements 0.77811
published_at 2026-06-12T12:55:00Z
1
value 0.0103
scoring_system epss
scoring_elements 0.77742
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-51586
1
reference_url https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/c97bdf10f77fedbe5a61a1dec5f96b3abb1d76fb
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/commit/c97bdf10f77fedbe5a61a1dec5f96b3abb1d76fb
3
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.3
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.3
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8xx5-h6m3-jr33
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8xx5-h6m3-jr33
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-51586
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-51586
6
reference_url https://prestashop.com
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://prestashop.com
7
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.1
reference_id 8.2.1
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T17:47:26Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.1
8
reference_url https://maxime-morel.github.io/advisories/2025/CVE-2025-51586.md
reference_id CVE-2025-51586.md
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T17:47:26Z/
url https://maxime-morel.github.io/advisories/2025/CVE-2025-51586.md
9
reference_url https://github.com/advisories/GHSA-8xx5-h6m3-jr33
reference_id GHSA-8xx5-h6m3-jr33
reference_type
scores
url https://github.com/advisories/GHSA-8xx5-h6m3-jr33
10
reference_url https://prestashop.com/
reference_id prestashop.com
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T17:47:26Z/
url https://prestashop.com/
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.3
purl pkg:composer/prestashop/prestashop@8.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
1
vulnerability VCID-bjh8-pmaq-rba1
2
vulnerability VCID-mesw-xwzr-7ye5
3
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.3
aliases CVE-2025-51586, GHSA-8xx5-h6m3-jr33
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bnh-9kn6-4qcd
1
url VCID-4cjs-wwx4-k7ew
vulnerability_id VCID-4cjs-wwx4-k7ew
summary PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21628
reference_id
reference_type
scores
0
value 0.00384
scoring_system epss
scoring_elements 0.60189
published_at 2026-06-12T12:55:00Z
1
value 0.00384
scoring_system epss
scoring_elements 0.60082
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21628
1
reference_url https://github.com/PrestaShop/PrestaShop/commit/afc45b93b3cc33be0e571559d2838c6960d98856
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/commit/afc45b93b3cc33be0e571559d2838c6960d98856
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597
reference_id c3d78b7e49f5fe49a9d07725c3174d005deaa597
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T16:32:28Z/
url https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21628
reference_id CVE-2024-21628
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21628
4
reference_url https://github.com/advisories/GHSA-vr7m-r9vm-m4wf
reference_id GHSA-vr7m-r9vm-m4wf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vr7m-r9vm-m4wf
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf
reference_id GHSA-vr7m-r9vm-m4wf
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-16T16:32:28Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.3
purl pkg:composer/prestashop/prestashop@8.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-5f1j-3t9n-7kf7
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-cvjc-r4wd-1uah
5
vulnerability VCID-mesw-xwzr-7ye5
6
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.3
aliases CVE-2024-21628, GHSA-vr7m-r9vm-m4wf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cjs-wwx4-k7ew
2
url VCID-98tm-6u1z-d3cz
vulnerability_id VCID-98tm-6u1z-d3cz
summary PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30545
reference_id
reference_type
scores
0
value 0.00772
scoring_system epss
scoring_elements 0.74005
published_at 2026-06-11T12:55:00Z
1
value 0.00772
scoring_system epss
scoring_elements 0.74078
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30545
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30545
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30545
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/cddac4198a47c602878a787280d813f60c6c0630
reference_id cddac4198a47c602878a787280d813f60c6c0630
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:36:12Z/
url https://github.com/PrestaShop/PrestaShop/commit/cddac4198a47c602878a787280d813f60c6c0630
3
reference_url https://github.com/PrestaShop/PrestaShop/commit/d900806e1841a31f26ff0a1843a6888fc1bb7f81
reference_id d900806e1841a31f26ff0a1843a6888fc1bb7f81
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:36:12Z/
url https://github.com/PrestaShop/PrestaShop/commit/d900806e1841a31f26ff0a1843a6888fc1bb7f81
4
reference_url https://github.com/advisories/GHSA-8r4m-5p6p-52rp
reference_id GHSA-8r4m-5p6p-52rp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8r4m-5p6p-52rp
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8r4m-5p6p-52rp
reference_id GHSA-8r4m-5p6p-52rp
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:36:12Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8r4m-5p6p-52rp
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B9
purl pkg:composer/prestashop/prestashop@1.7.8%2B9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B9
1
url pkg:composer/prestashop/prestashop@1.7.8.9
purl pkg:composer/prestashop/prestashop@1.7.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.9
2
url pkg:composer/prestashop/prestashop@8.0.4
purl pkg:composer/prestashop/prestashop@8.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-etd8-pjky-7qam
7
vulnerability VCID-hkr3-rvxd-jubb
8
vulnerability VCID-jcjb-wz39-4ye2
9
vulnerability VCID-mesw-xwzr-7ye5
10
vulnerability VCID-pvev-hxcv-6qce
11
vulnerability VCID-r84m-w6vx-due5
12
vulnerability VCID-rwcm-bgj9-8fep
13
vulnerability VCID-txxt-nf7w-w3gp
14
vulnerability VCID-uy9r-8mcd-cufw
15
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.4
aliases CVE-2023-30545, GHSA-8r4m-5p6p-52rp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98tm-6u1z-d3cz
3
url VCID-am1v-rf8j-b7ae
vulnerability_id VCID-am1v-rf8j-b7ae
summary PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30838
reference_id
reference_type
scores
0
value 0.01375
scoring_system epss
scoring_elements 0.80656
published_at 2026-06-11T12:55:00Z
1
value 0.01375
scoring_system epss
scoring_elements 0.80716
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30838
1
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30838
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30838
4
reference_url https://github.com/PrestaShop/PrestaShop/commit/46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c
reference_id 46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T19:34:44Z/
url https://github.com/PrestaShop/PrestaShop/commit/46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c
5
reference_url https://github.com/PrestaShop/PrestaShop/commit/dc682192df0e4b0d656a8e645b29ca1b9dbe3693
reference_id dc682192df0e4b0d656a8e645b29ca1b9dbe3693
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T19:34:44Z/
url https://github.com/PrestaShop/PrestaShop/commit/dc682192df0e4b0d656a8e645b29ca1b9dbe3693
6
reference_url https://github.com/advisories/GHSA-fh7r-996q-gvcp
reference_id GHSA-fh7r-996q-gvcp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh7r-996q-gvcp
7
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fh7r-996q-gvcp
reference_id GHSA-fh7r-996q-gvcp
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T19:34:44Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fh7r-996q-gvcp
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B9
purl pkg:composer/prestashop/prestashop@1.7.8%2B9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B9
1
url pkg:composer/prestashop/prestashop@8.0.0-beta.1
purl pkg:composer/prestashop/prestashop@8.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-s29x-44jz-j3af
13
vulnerability VCID-uy9r-8mcd-cufw
14
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.0-beta.1
2
url pkg:composer/prestashop/prestashop@8.0.4
purl pkg:composer/prestashop/prestashop@8.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-etd8-pjky-7qam
7
vulnerability VCID-hkr3-rvxd-jubb
8
vulnerability VCID-jcjb-wz39-4ye2
9
vulnerability VCID-mesw-xwzr-7ye5
10
vulnerability VCID-pvev-hxcv-6qce
11
vulnerability VCID-r84m-w6vx-due5
12
vulnerability VCID-rwcm-bgj9-8fep
13
vulnerability VCID-txxt-nf7w-w3gp
14
vulnerability VCID-uy9r-8mcd-cufw
15
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.4
3
url pkg:composer/prestashop/prestashop@8.1.0-beta.1
purl pkg:composer/prestashop/prestashop@8.1.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-uy9r-8mcd-cufw
13
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.0-beta.1
aliases CVE-2023-30838, GHSA-fh7r-996q-gvcp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am1v-rf8j-b7ae
4
url VCID-azu3-487t-53aw
vulnerability_id VCID-azu3-487t-53aw
summary PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The payload is stored in the database and executed when a back-office employee opens the affected customer thread, enabling session hijacking and full back-office takeover. This vulnerability is fixed in 8.2.6 and 9.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44212
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06303
published_at 2026-06-12T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06283
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44212
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44212
reference_id CVE-2026-44212
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-44212
2
reference_url https://github.com/advisories/GHSA-w9f3-qc75-qgx9
reference_id GHSA-w9f3-qc75-qgx9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9f3-qc75-qgx9
3
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-w9f3-qc75-qgx9
reference_id GHSA-w9f3-qc75-qgx9
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-15T13:33:59Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-w9f3-qc75-qgx9
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.6
purl pkg:composer/prestashop/prestashop@8.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.6
1
url pkg:composer/prestashop/prestashop@9.1.1
purl pkg:composer/prestashop/prestashop@9.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.1
aliases CVE-2026-44212, GHSA-w9f3-qc75-qgx9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azu3-487t-53aw
5
url VCID-bjh8-pmaq-rba1
vulnerability_id VCID-bjh8-pmaq-rba1
summary PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. This vulnerability is fixed in 8.2.4 and 9.0.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25597
reference_id
reference_type
scores
0
value 0.0007
scoring_system epss
scoring_elements 0.21834
published_at 2026-06-12T12:55:00Z
1
value 0.0007
scoring_system epss
scoring_elements 0.21646
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25597
1
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4
reference_id 8.2.4
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:22:00Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3
reference_id 9.0.3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:22:00Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25597
reference_id CVE-2026-25597
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25597
4
reference_url https://github.com/advisories/GHSA-67v7-3g49-mxh2
reference_id GHSA-67v7-3g49-mxh2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67v7-3g49-mxh2
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2
reference_id GHSA-67v7-3g49-mxh2
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:22:00Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.4
purl pkg:composer/prestashop/prestashop@8.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
1
vulnerability VCID-mesw-xwzr-7ye5
2
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.4
1
url pkg:composer/prestashop/prestashop@9.0.3
purl pkg:composer/prestashop/prestashop@9.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
1
vulnerability VCID-mesw-xwzr-7ye5
2
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.0.3
2
url pkg:composer/prestashop/prestashop@9.1.0-beta.1
purl pkg:composer/prestashop/prestashop@9.1.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
1
vulnerability VCID-mesw-xwzr-7ye5
2
vulnerability VCID-r84m-w6vx-due5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.0-beta.1
aliases CVE-2026-25597, GHSA-67v7-3g49-mxh2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjh8-pmaq-rba1
6
url VCID-bweb-xxh2-b7df
vulnerability_id VCID-bweb-xxh2-b7df
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39529
reference_id
reference_type
scores
0
value 0.0092
scoring_system epss
scoring_elements 0.76419
published_at 2026-06-11T12:55:00Z
1
value 0.0092
scoring_system epss
scoring_elements 0.76488
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39529
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39529
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39529
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/b08c647305dc1e9e6a2445b724d13a9733b6ed82
reference_id b08c647305dc1e9e6a2445b724d13a9733b6ed82
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:08Z/
url https://github.com/PrestaShop/PrestaShop/commit/b08c647305dc1e9e6a2445b724d13a9733b6ed82
3
reference_url https://github.com/advisories/GHSA-2rf5-3fw8-qm47
reference_id GHSA-2rf5-3fw8-qm47
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rf5-3fw8-qm47
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-2rf5-3fw8-qm47
reference_id GHSA-2rf5-3fw8-qm47
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:08Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-2rf5-3fw8-qm47
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39529, GHSA-2rf5-3fw8-qm47
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bweb-xxh2-b7df
7
url VCID-d4nk-jn4h-nfcm
vulnerability_id VCID-d4nk-jn4h-nfcm
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39528
reference_id
reference_type
scores
0
value 0.00845
scoring_system epss
scoring_elements 0.75224
published_at 2026-06-11T12:55:00Z
1
value 0.00845
scoring_system epss
scoring_elements 0.75295
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39528
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39528
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39528
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c
reference_id 11de3a84322fa4ecd0995ac40d575db61804724c
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:14Z/
url https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c
3
reference_url https://github.com/advisories/GHSA-hpf4-v7v2-95p2
reference_id GHSA-hpf4-v7v2-95p2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hpf4-v7v2-95p2
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2
reference_id GHSA-hpf4-v7v2-95p2
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:01:14Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39528, GHSA-hpf4-v7v2-95p2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4nk-jn4h-nfcm
8
url VCID-hkr3-rvxd-jubb
vulnerability_id VCID-hkr3-rvxd-jubb
summary PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43663
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27767
published_at 2026-06-12T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.27565
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43663
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43663
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43663
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd
reference_id ce1f67083537194e974caf86c57e547a0aaa46cd
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T17:48:09Z/
url https://github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd
3
reference_url https://github.com/advisories/GHSA-6jmf-2pfc-q9m7
reference_id GHSA-6jmf-2pfc-q9m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6jmf-2pfc-q9m7
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7
reference_id GHSA-6jmf-2pfc-q9m7
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T17:48:09Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.2
purl pkg:composer/prestashop/prestashop@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-mesw-xwzr-7ye5
7
vulnerability VCID-r84m-w6vx-due5
8
vulnerability VCID-uy9r-8mcd-cufw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.2
aliases CVE-2023-43663, GHSA-6jmf-2pfc-q9m7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkr3-rvxd-jubb
9
url VCID-jcjb-wz39-4ye2
vulnerability_id VCID-jcjb-wz39-4ye2
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39525
reference_id
reference_type
scores
0
value 0.01304
scoring_system epss
scoring_elements 0.80178
published_at 2026-06-11T12:55:00Z
1
value 0.01304
scoring_system epss
scoring_elements 0.80239
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39525
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39525
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39525
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/c7c9a5110421bb2856f4d312ecce192d079b5ec7
reference_id c7c9a5110421bb2856f4d312ecce192d079b5ec7
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:19:54Z/
url https://github.com/PrestaShop/PrestaShop/commit/c7c9a5110421bb2856f4d312ecce192d079b5ec7
3
reference_url https://github.com/advisories/GHSA-m9r4-3fg7-pqm2
reference_id GHSA-m9r4-3fg7-pqm2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9r4-3fg7-pqm2
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-m9r4-3fg7-pqm2
reference_id GHSA-m9r4-3fg7-pqm2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:19:54Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-m9r4-3fg7-pqm2
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39525, GHSA-m9r4-3fg7-pqm2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcjb-wz39-4ye2
10
url VCID-mesw-xwzr-7ye5
vulnerability_id VCID-mesw-xwzr-7ye5
summary PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33674
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08624
published_at 2026-06-11T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08665
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33674
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33674
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33674
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
reference_id 8.2.5
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:44:11Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
3
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
reference_id 9.1.0
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:44:11Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
4
reference_url https://github.com/advisories/GHSA-283w-xf3q-788v
reference_id GHSA-283w-xf3q-788v
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-283w-xf3q-788v
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v
reference_id GHSA-283w-xf3q-788v
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
2
value LOW
scoring_system cvssv3.1_qr
scoring_elements
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:44:11Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.5
purl pkg:composer/prestashop/prestashop@8.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.5
1
url pkg:composer/prestashop/prestashop@9.1.0
purl pkg:composer/prestashop/prestashop@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.0
aliases CVE-2026-33674, GHSA-283w-xf3q-788v
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mesw-xwzr-7ye5
11
url VCID-pvev-hxcv-6qce
vulnerability_id VCID-pvev-hxcv-6qce
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39530
reference_id
reference_type
scores
0
value 0.00996
scoring_system epss
scoring_elements 0.77376
published_at 2026-06-11T12:55:00Z
1
value 0.00996
scoring_system epss
scoring_elements 0.77446
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39530
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39530
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39530
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9
reference_id 6ce750b2367a7309b6bf50166f1873cb86ad57e9
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T17:33:05Z/
url https://github.com/PrestaShop/PrestaShop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9
3
reference_url https://github.com/advisories/GHSA-v4gr-v679-42p7
reference_id GHSA-v4gr-v679-42p7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v4gr-v679-42p7
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-v4gr-v679-42p7
reference_id GHSA-v4gr-v679-42p7
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T17:33:05Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-v4gr-v679-42p7
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39530, GHSA-v4gr-v679-42p7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvev-hxcv-6qce
12
url VCID-r84m-w6vx-due5
vulnerability_id VCID-r84m-w6vx-due5
summary PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33673
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04197
published_at 2026-06-11T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.0421
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33673
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33673
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33673
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
reference_id 8.2.5
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T20:27:27Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
3
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
reference_id 9.1.0
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T20:27:27Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
4
reference_url https://github.com/advisories/GHSA-35pf-37c6-jxjv
reference_id GHSA-35pf-37c6-jxjv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35pf-37c6-jxjv
5
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv
reference_id GHSA-35pf-37c6-jxjv
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T20:27:27Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.2.5
purl pkg:composer/prestashop/prestashop@8.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.2.5
1
url pkg:composer/prestashop/prestashop@9.1.0
purl pkg:composer/prestashop/prestashop@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azu3-487t-53aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@9.1.0
aliases CVE-2026-33673, GHSA-35pf-37c6-jxjv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r84m-w6vx-due5
13
url VCID-rwcm-bgj9-8fep
vulnerability_id VCID-rwcm-bgj9-8fep
summary PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39524
reference_id
reference_type
scores
0
value 0.00432
scoring_system epss
scoring_elements 0.63136
published_at 2026-06-11T12:55:00Z
1
value 0.00432
scoring_system epss
scoring_elements 0.63237
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39524
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39524
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39524
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/2047d4c053043102bc46a37d383b392704bf14d7
reference_id 2047d4c053043102bc46a37d383b392704bf14d7
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:20:18Z/
url https://github.com/PrestaShop/PrestaShop/commit/2047d4c053043102bc46a37d383b392704bf14d7
3
reference_url https://github.com/advisories/GHSA-75p5-jwx4-qw9h
reference_id GHSA-75p5-jwx4-qw9h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-75p5-jwx4-qw9h
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-75p5-jwx4-qw9h
reference_id GHSA-75p5-jwx4-qw9h
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T16:20:18Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-75p5-jwx4-qw9h
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.1
purl pkg:composer/prestashop/prestashop@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-mesw-xwzr-7ye5
8
vulnerability VCID-r84m-w6vx-due5
9
vulnerability VCID-uy9r-8mcd-cufw
10
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.1
aliases CVE-2023-39524, GHSA-75p5-jwx4-qw9h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rwcm-bgj9-8fep
14
url VCID-s29x-44jz-j3af
vulnerability_id VCID-s29x-44jz-j3af
summary PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. The problem is fixed in version 8.0.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25170
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.33681
published_at 2026-06-12T12:55:00Z
1
value 0.00137
scoring_system epss
scoring_elements 0.33501
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25170
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25170
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25170
2
reference_url https://github.com/advisories/GHSA-3g43-x7qr-96ph
reference_id GHSA-3g43-x7qr-96ph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3g43-x7qr-96ph
3
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3g43-x7qr-96ph
reference_id GHSA-3g43-x7qr-96ph
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:46Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3g43-x7qr-96ph
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.0.1
purl pkg:composer/prestashop/prestashop@8.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-98tm-6u1z-d3cz
3
vulnerability VCID-am1v-rf8j-b7ae
4
vulnerability VCID-azu3-487t-53aw
5
vulnerability VCID-bjh8-pmaq-rba1
6
vulnerability VCID-bweb-xxh2-b7df
7
vulnerability VCID-d4nk-jn4h-nfcm
8
vulnerability VCID-etd8-pjky-7qam
9
vulnerability VCID-hkr3-rvxd-jubb
10
vulnerability VCID-jcjb-wz39-4ye2
11
vulnerability VCID-mesw-xwzr-7ye5
12
vulnerability VCID-pvev-hxcv-6qce
13
vulnerability VCID-r84m-w6vx-due5
14
vulnerability VCID-rwcm-bgj9-8fep
15
vulnerability VCID-txxt-nf7w-w3gp
16
vulnerability VCID-u5mm-6rsb-xfbh
17
vulnerability VCID-uy9r-8mcd-cufw
18
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.1
aliases CVE-2023-25170, GHSA-3g43-x7qr-96ph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s29x-44jz-j3af
15
url VCID-u5mm-6rsb-xfbh
vulnerability_id VCID-u5mm-6rsb-xfbh
summary PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30839
reference_id
reference_type
scores
0
value 0.04563
scoring_system epss
scoring_elements 0.89443
published_at 2026-06-11T12:55:00Z
1
value 0.04563
scoring_system epss
scoring_elements 0.89478
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30839
1
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
2
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30839
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30839
4
reference_url https://github.com/PrestaShop/PrestaShop/commit/0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30
reference_id 0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:07:54Z/
url https://github.com/PrestaShop/PrestaShop/commit/0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30
5
reference_url https://github.com/PrestaShop/PrestaShop/commit/d1d27dc371599713c912b71bc2a455cacd7f2149
reference_id d1d27dc371599713c912b71bc2a455cacd7f2149
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:07:54Z/
url https://github.com/PrestaShop/PrestaShop/commit/d1d27dc371599713c912b71bc2a455cacd7f2149
6
reference_url https://github.com/advisories/GHSA-p379-cxqh-q822
reference_id GHSA-p379-cxqh-q822
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p379-cxqh-q822
7
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-p379-cxqh-q822
reference_id GHSA-p379-cxqh-q822
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:07:54Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-p379-cxqh-q822
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B9
purl pkg:composer/prestashop/prestashop@1.7.8%2B9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B9
1
url pkg:composer/prestashop/prestashop@8.0.0-beta.1
purl pkg:composer/prestashop/prestashop@8.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-s29x-44jz-j3af
13
vulnerability VCID-uy9r-8mcd-cufw
14
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.0-beta.1
2
url pkg:composer/prestashop/prestashop@8.0.4
purl pkg:composer/prestashop/prestashop@8.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-etd8-pjky-7qam
7
vulnerability VCID-hkr3-rvxd-jubb
8
vulnerability VCID-jcjb-wz39-4ye2
9
vulnerability VCID-mesw-xwzr-7ye5
10
vulnerability VCID-pvev-hxcv-6qce
11
vulnerability VCID-r84m-w6vx-due5
12
vulnerability VCID-rwcm-bgj9-8fep
13
vulnerability VCID-txxt-nf7w-w3gp
14
vulnerability VCID-uy9r-8mcd-cufw
15
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.0.4
3
url pkg:composer/prestashop/prestashop@8.1.0-beta.1
purl pkg:composer/prestashop/prestashop@8.1.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-azu3-487t-53aw
3
vulnerability VCID-bjh8-pmaq-rba1
4
vulnerability VCID-bweb-xxh2-b7df
5
vulnerability VCID-d4nk-jn4h-nfcm
6
vulnerability VCID-hkr3-rvxd-jubb
7
vulnerability VCID-jcjb-wz39-4ye2
8
vulnerability VCID-mesw-xwzr-7ye5
9
vulnerability VCID-pvev-hxcv-6qce
10
vulnerability VCID-r84m-w6vx-due5
11
vulnerability VCID-rwcm-bgj9-8fep
12
vulnerability VCID-uy9r-8mcd-cufw
13
vulnerability VCID-wjfd-3ceu-puad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.0-beta.1
aliases CVE-2023-30839, GHSA-p379-cxqh-q822
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5mm-6rsb-xfbh
16
url VCID-wjfd-3ceu-puad
vulnerability_id VCID-wjfd-3ceu-puad
summary PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43664
reference_id
reference_type
scores
0
value 0.00239
scoring_system epss
scoring_elements 0.47243
published_at 2026-06-11T12:55:00Z
1
value 0.00239
scoring_system epss
scoring_elements 0.47385
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43664
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43664
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43664
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/15bd281c18f032a5134a8d213b44d24829d45762
reference_id 15bd281c18f032a5134a8d213b44d24829d45762
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T17:48:03Z/
url https://github.com/PrestaShop/PrestaShop/commit/15bd281c18f032a5134a8d213b44d24829d45762
3
reference_url https://github.com/advisories/GHSA-gvrg-62jp-rf7j
reference_id GHSA-gvrg-62jp-rf7j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvrg-62jp-rf7j
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gvrg-62jp-rf7j
reference_id GHSA-gvrg-62jp-rf7j
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T17:48:03Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gvrg-62jp-rf7j
fixed_packages
0
url pkg:composer/prestashop/prestashop@8.1.2
purl pkg:composer/prestashop/prestashop@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bnh-9kn6-4qcd
1
vulnerability VCID-4cjs-wwx4-k7ew
2
vulnerability VCID-5f1j-3t9n-7kf7
3
vulnerability VCID-azu3-487t-53aw
4
vulnerability VCID-bjh8-pmaq-rba1
5
vulnerability VCID-cvjc-r4wd-1uah
6
vulnerability VCID-mesw-xwzr-7ye5
7
vulnerability VCID-r84m-w6vx-due5
8
vulnerability VCID-uy9r-8mcd-cufw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@8.1.2
aliases CVE-2023-43664, GHSA-gvrg-62jp-rf7j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjfd-3ceu-puad
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.8