prestashop/prestashop Security Advisories for 8.1.2 (4)
- [CRITICAL] PrestaShop cross-site scripting via customer contact form in FO, through file upload
  PKSA-rpv3-t4jm-bhkm CVE-2024-34716 GHSA-45vm-3j38-7p78
  Affected version: >=8.1.0,<8.1.6
  Reported by: GitHub
- [MEDIUM] Path disclosure in JavaScript variable
  PKSA-p3pd-yr3j-9ty2 CVE-2024-26129 GHSA-3366-9287-7qpr
  Affected version: >=8.1.0,<8.1.4
  Reported by: GitHub
- [MEDIUM] PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
  PKSA-8wzq-y3v5-3bpw CVE-2024-21628 GHSA-vr7m-r9vm-m4wf
  Affected version: <8.1.3
  Reported by: GitHub
- [HIGH] PrestaShop some attribute not escaped in Validate::isCleanHTML method
  PKSA-vxgv-fr1x-84x2 CVE-2024-21627 GHSA-xgpm-q3mq-46rq
  Affected version: <1.7.8.11|>=8.0.0-beta.1,<8.1.3
  Reported by: GitHub