PrestaShop/PrestaShop

採点内訳

※ 各項目の重みは「採点ルール」を参照。合計は 0 で底打ち。

過去の SecurityAdvisory (20 件)

• CRITICALGHSA-w9f3-qc75-qgx9CVE-2026-442122026/5/4
  CWE-79: Stored XSS executable in customer service view
• HIGHGHSA-35pf-37c6-jxjvCVE-2026-336732026/3/23
  CWE 79: Prevent multiple stored xss exploitation via unprotected variables in template
• LOWGHSA-283w-xf3q-788vCVE-2026-336742026/3/23
  Fix improper use of validation framework (CWE-1173)
• MEDIUMGHSA-67v7-3g49-mxh2CVE-2026-255972026/2/3
  Time based enumeration in FO login form
• MEDIUMGHSA-8xx5-h6m3-jr33CVE-2025-515862025/9/4
  Email enumeration
• CRITICALGHSA-45vm-3j38-7p78CVE-2024-347162024/5/14
  XSS via customer contact form in FO, through file upload
• MEDIUMGHSA-7pjr-2rgh-fc5gCVE-2024-347172024/5/14
  Anonymous customer can download other customers's invoices
• MEDIUMGHSA-3366-9287-7qprCVE-2024-261292024/2/19
  Path disclosure in JavaScript variable
• MEDIUMGHSA-vr7m-r9vm-m4wfCVE-2024-216282024/1/2
  XSS can be stored in DB from "add a message form" in order detail page (FO)
• HIGHGHSA-xgpm-q3mq-46rqCVE-2024-216272024/1/2
  Some attribute not escaped in Validate::isCleanHTML method
• MEDIUMGHSA-gvrg-62jp-rf7jCVE-2023-436642023/9/28
  Employee without any access rights can list all installed modules
• MEDIUMGHSA-6jmf-2pfc-q9m7CVE-2023-436632023/9/28
  Uninstall modules from backoffice, even with low rights
• MEDIUMGHSA-v4gr-v679-42p7CVE-2023-395302023/8/7
  File deletion via CustomerMessage
• MEDIUMGHSA-2rf5-3fw8-qm47CVE-2023-395292023/8/7
  File deletion via attachment API
• CRITICALGHSA-hpf4-v7v2-95p2CVE-2023-395282023/8/7
  Reading a file through path traversal
• HIGHGHSA-xw2r-f8xv-c8xpCVE-2023-395272023/8/7
  New possible XSS injection through Validate::isCleanHTML method
• CRITICALGHSA-gf46-prm4-56pcCVE-2023-395262023/8/7
  SQL manager vulnerability (potential RCE)
• MEDIUMGHSA-m9r4-3fg7-pqm2CVE-2023-395252023/8/7
  path traversal: file deletion
• MEDIUMGHSA-75p5-jwx4-qw9hCVE-2023-395242023/8/7
  SQL injection possible in search product in BO
• CRITICALGHSA-p379-cxqh-q822CVE-2023-308392023/4/25
  SQL filter bypass leading to arbitrary write requests using "SQL Manager"