Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (108 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5800 1 Prestashop 2 Ebay Module, Prestashop 2024-08-06 N/A
The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2012-5799 2 Prestashop, Presto-changeo 2 Prestashop, Canadapost 2024-08-06 N/A
The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.
CVE-2012-5801 1 Prestashop 2 Ebay, Prestashop 2024-08-06 N/A
The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.
CVE-2012-2517 1 Prestashop 1 Prestashop 2024-08-06 6.1 Medium
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.
CVE-2013-6358 1 Prestashop 1 Prestashop 2024-08-06 8.8 High
PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.
CVE-2013-6295 1 Prestashop 1 Prestashop 2024-08-06 9.8 Critical
PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module
CVE-2013-4792 1 Prestashop 1 Prestashop 2024-08-06 5.5 Medium
PrestaShop before 1.4.11 allows logout CSRF.
CVE-2013-4791 1 Prestashop 1 Prestashop 2024-08-06 5.4 Medium
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.