prestashop/prestashop vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-44212 | Critical | prestashop/prestashop: PrestaShop has a stored XSS executable in customer service view |
| CVE-2026-33673 | High | prestashop/prestashop: PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables |
| CVE-2026-33674 | Low | prestashop/prestashop: PrestaShop: Improper Use of Validation Framework |
| CVE-2026-25597 | Medium | prestashop/prestashop: PrestaShop affected by time based enumeration in FO login form |
| CVE-2025-51586 | Medium | prestashop/prestashop: Presta Shop vulnerable to email enumeration |
| CVE-2024-34717 | Medium | prestashop/prestashop: Anonymous PrestaShop customer can download other customers' invoices |
| CVE-2024-34716 | Critical | prestashop/prestashop: PrestaShop cross-site scripting via customer contact form in FO, through file upload |
| CVE-2024-26129 | Medium | prestashop/prestashop: Path disclosure in JavaScript variable |
| CVE-2024-21628 | Medium | prestashop/prestashop: PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO) |
| CVE-2024-21627 | High | prestashop/prestashop: PrestaShop some attribute not escaped in Validate::isCleanHTML method |
| CVE-2023-43663 | Medium | prestashop/prestashop: PrestaShop allows users to uninstall modules from backoffice, even with low rights |
| CVE-2023-43664 | Medium | prestashop/prestashop: PrestaShop allows employee without any access rights to list all installed modules |
| CVE-2023-39530 | Medium | prestashop/prestashop: PrestaShop file deletion via CustomerMessage |
| CVE-2023-39529 | Medium | prestashop/prestashop: PrestaShop file deletion via attachment API |
| CVE-2023-39528 | Medium | prestashop/prestashop: PrestaShop file access through path traversal |
| CVE-2023-39527 | High | prestashop/prestashop: PrestaShop XSS injection through Validate::isCleanHTML method |
| CVE-2023-39526 | Critical | prestashop/prestashop: PrestaShop SQL manager vulnerability |
| CVE-2023-39525 | Medium | prestashop/prestashop: PrestaShop path traversal |
| CVE-2023-39524 | Medium | prestashop/prestashop: PrestaShop boolean SQL injection |
| CVE-2023-30545 | High | prestashop/prestashop: Arbitrary file read via SQL injection |
| CVE-2023-30838 | High | prestashop/prestashop: Possible XSS injection through Validate::isCleanHTML method |
| CVE-2023-30839 | Critical | prestashop/prestashop: SQL filter bypass leading to arbitrary write requests using "SQL Manager" |
| CVE-2023-25170 | Medium | prestashop/prestashop: Possible CSRF token fixation |
| CVE-2022-46158 | Medium | prestashop/prestashop: PrestaShop has potential Information exposure in the upload directory |
| CVE-2022-31181 | Critical | prestashop/prestashop: PrestaShop eval injection possible if shop vulnerable to SQL injection |
