Thomas BACCELLI

3 exploits, active since Mar 2021
CVE-2022-31101 WRITEUP HIGH
PrestaShop blockwishlist < 2.1.1 - Authenticated SQL Injection
prestashop/blockwishlist is a PrestaShop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS 8.1
CVE-2021-21418 WRITEUP MEDIUM
PrestaShop ps_emailsubscription < 2.6.1 - Stored Cross-Site Scripting in Newsletter Condition Field
ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject JavaScript in the newsletter condition field that will then be executed on the front office. The issue has been fixed in 2.6.1.
CVSS 4.6
CVE-2022-35933 WRITEUP MEDIUM
PrestaShop Product Comments < 5.0.2 - Stored Cross-Site Scripting
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.
CVSS 6.1