244 matches found
PrestaShop - Information Disclosure
User enumeration vulnerability in the AdminLogin controller in PrestaShop 1.7 through 8.2.2 allows remote attackers to obtain administrators user email addresses via manipulation of the idemployee and resettoken parameters. An attacker who has access to the Back Office login URL can trigger the...
CVE-2026-44212
PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting XSS vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...
Cross-site Scripting (XSS)
PrestaShop is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied email input in the Contact Us form, which allows an attacker to inject malicious scripts that execute when a back-office employee views the customer service thread...
CVE-2026-44212
PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting XSS vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...
CVE-2026-44212
CVE-2026-44212 concerns PrestaShop's back-office Customer Service view. A stored XSS exists where an unauthenticated attacker can submit the public Contact Us form with a malicious email; the payload is stored in the database and executes when a back-office employee opens the affected customer th...
EUVD-2026-30481
PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting XSS vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...
GHSA-W9F3-QC75-QGX9 PrestaShop has a stored XSS executable in customer service view
Impact This is a stored Cross-site Scripting XSS vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The payload is stored in the database and executed when a back-office employee open...
Cross-site Scripting (XSS)
Overview prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Customer Service view process. An attacker can...
PrestaShop has a stored XSS executable in customer service view
Impact This is a stored Cross-site Scripting XSS vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The payload is stored in the database and executed when a back-office employee open...
PT-2026-39239
Name of the Vulnerable Software and Affected Versions PrestaShop versions prior to 8.2.6 PrestaShop versions prior to 9.1.1 Description A stored Cross-site Scripting XSS issue exists in the back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form using ...
tecno_xss_hotfix
tecnoxsshotfix Security hotfix module for PrestaShop — patc...
BIT-PRESTASHOP-2026-33673 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...
CVE-2026-33673
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...
CVE-2026-33673 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...
CVE-2026-33673
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...
CVE-2026-33673
PrestaShop cases: Versions prior to 8.2.5 and 9.1.0 are affected by stored XSS in the back-office (BO) templates due to unprotected Template variables. An attacker with database access or a pre-existing vulnerability can inject data into the BO, enabling exploitation of unprotected variables in t...
CVE-2026-33673 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...
EUVD-2026-16441
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...
Cross-site Scripting (XSS)
Overview prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Cross-site Scripting XSS in unprotected template variables in the back-office. An...
PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
Impact Multiple stored Cross-Site Scripting stored XSS vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. Patches Patched on 8.2.5 and 9.1....