PrestaShop 8.1.0
Approved changes feed: RSS · Atom
cpe:2.3:a:prestashop:prestashop:8.1.0:*:*:*:*:*:*:*
part: a version: 8.1.0 update: *
| Vendor | Prestashop (236a7260-6e18-5f0f-b33a-a013be210d8c) |
|---|---|
| Product | Prestashop (c9530676-cecc-5a16-afb2-ff937ae35f7e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:composer/prestashop/prestashop |
purl2cpe | 2026-06-01 10:15:07.972141 |
pkg:docker/prestashop/prestashop |
purl2cpe | 2026-06-01 10:15:07.972142 |
pkg:github/prestashop/prestashop |
purl2cpe | 2026-06-01 10:15:07.972144 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-34717 |
vulnerable | 2026-06-03 14:55:55.175884 |
Anonymous PrestaShop customer can download other customers' invoices
MEDIUM (5.3)
PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available.
Published: 2024-05-14T15:47:27.265Z
Updated: 2024-08-02T02:59:22.270Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-26129 |
vulnerable | 2026-06-03 14:55:14.838001 |
Prestashop vulnerable to path disclosure in JavaScript variable
MEDIUM (5.8)
PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4.
Published: 2024-02-19T21:59:54.426Z
Updated: 2024-08-01T23:59:32.697Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39527 |
vulnerable | 2026-06-03 14:52:39.154299 |
PrestaShop XSS vulnerability through Validate::isCleanHTML method
HIGH (8.3)
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
Published: 2023-08-07T20:32:45.203Z
Updated: 2024-10-03T16:15:18.378Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39526 |
vulnerable | 2026-06-03 14:52:39.153665 |
PrestaShopSQL manager vulnerability (potential RCE)
CRITICAL (9.1)
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
Published: 2023-08-07T20:28:59.051Z
Updated: 2024-10-10T19:06:10.065Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.