129 matches found

OSV
added 2026/05/18 8:54 a.m. | 1 view

BIT-PRESTASHOP-2026-44212 PrestaShop: Stored XSS executable in customer service view

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

CVSS 9.3 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 2
Veracode
added 2026/05/16 5:48 a.m. | 9 views

Cross-site Scripting (XSS)

PrestaShop is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied email input in the Contact Us form, which allows an attacker to inject malicious scripts that execute when a back-office employee views the customer service thread...

CVSS 9.3 | AI score 5.9 | EPSS 0.00022
Exploits 0 | References 3 | Affected Software 1
NVD
added 2026/05/14 9:16 p.m. | 4 views

CVE-2026-44212

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

CVSS 9.3 | EPSS 0.00022
Exploits 0 | References 1
ATTACKERKB
added 2026/05/14 8:44 p.m. | 3 views

CVE-2026-44212

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

CVSS 9.3 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/05/14 8:44 p.m. | 27 views

CVE-2026-44212 PrestaShop: Stored XSS executable in customer service view

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

CVSS 9.3 | EPSS 0.00022
Exploits 0 | References 1
Vulnrichment
added 2026/05/14 8:44 p.m. | 3 views

CVE-2026-44212 PrestaShop: Stored XSS executable in customer service view

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

CVSS 9.3 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 1
CVE
added 2026/05/14 8:44 p.m. | 9 views

CVE-2026-44212

CVE-2026-44212 concerns PrestaShop's back-office Customer Service view. A stored XSS exists where an unauthenticated attacker can submit the public Contact Us form with a malicious email; the payload is stored in the database and executes when a back-office employee opens the affected customer th...

CVSS 9.3 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 1
EUVD
added 2026/05/14 8:44 p.m. | 3 views

EUVD-2026-30481

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

CVSS 9.3 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 1
OSV
added 2026/05/08 4:54 p.m. | 1 view

GHSA-W9F3-QC75-QGX9 PrestaShop has a stored XSS executable in customer service view

Impact: This is a stored Cross-site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The payload is stored in the database and executed when a back-office employee open...

CVSS 9.3 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 2
Snyk
added 2026/05/08 4:54 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Customer Service view process. An attacker can...

CVSS 9.3 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 2
Positive Technologies
added 2026/05/08 12:00 a.m. | 6 views

PT-2026-39239

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.2.6; PrestaShop versions prior to 9.1.1. Description: A stored Cross-site Scripting (XSS) issue exists in the back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form using ...

CVSS 9.3 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 11
CNNVD
added 2026/02/16 12:00 a.m. | 2 views

cskefu (Chunsong Customer Service) cross-site scripting vulnerability

cskefu (Chunsong Customer Service) is an open-source, free intelligent customer service system developed by Chatopera in China. Versions of cskefu prior to 8.0.1 contained a cross-site scripting vulnerability. This vulnerability originated from a cross-site scripting issue in the Upload function of...

CVSS 5.4 | AI score 5.6 | EPSS 0.00036
Exploits 1 | References 4
RedhatCVE
added 2026/01/14 5:21 p.m. | 2 views

CVE-2025-62182

Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by an unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file...

CVSS 5.3 | AI score 6.9 | EPSS 0.00081
Exploits 0 | References 1
NVD
added 2026/01/13 5:15 p.m. | 3 views

CVE-2025-62182

Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by an unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file...

CVSS 5.3 | EPSS 0.00081
Exploits 0 | References 1
Vulnrichment
added 2026/01/13 4:37 p.m. | 1 view

CVE-2025-62182 Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file.

Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by an unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file...

CVSS 5.3 | AI score 6.5 | EPSS 0.00081
Exploits 0 | References 1
CVE
added 2026/01/13 4:37 p.m. | 4 views

CVE-2025-62182

The CVE-2025-62182 entry affects Pega Customer Service Framework versions 8.7.0 through 25.1.0 and is due to an unrestricted file upload vulnerability that could allow a privileged user to upload a malicious file. Reported by multiple sources (Red Hat, NVD, CIRCL, CNNVD, PT Security) with consist...

CVSS 5.3 | AI score 6.5 | EPSS 0.00081
Exploits 0 | References 1
Cvelist
added 2026/01/13 4:37 p.m. | 18 views

CVE-2025-62182 Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file.

Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by an unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file...

CVSS 5.3 | EPSS 0.00081
Exploits 0 | References 1
Positive Technologies
added 2026/01/13 12:00 a.m. | 2 views

PT-2026-2483

Name of the Vulnerable Software and Affected Versions: Pega Customer Service Framework versions 8.7.0 through 25.1.0. Description: A flaw exists in Pega Customer Service Framework that allows a privileged user to upload a malicious file due to an unrestricted file upload. Recommendations: Update Pega...

CVSS 5.3 | AI score 6.7 | EPSS 0.00081
Exploits 0 | References 4
CNNVD
added 2026/01/13 12:00 a.m. | 1 view

Pega Customer Service Framework security vulnerability

Pega Customer Service Framework is a customer service framework from Pega Corporation in the United States. A security vulnerability exists in Pega Customer Service Framework versions 8.7.0 through 25.1.0, which originates from an unrestricted file upload and could allow a privileged user to uplo...

CVSS 5.3 | AI score 5.8 | EPSS 0.00081
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-11534

Malware in sbrugna...

CVSS 4.8 | AI score 5.2 | EPSS 0.00225
Exploits 2 | References 2