CVE-2024-21628
PrestaShop pre-8.1.3 is vulnerable to stored cross-site scripting via the add-a-message form in the order-detail page (FO). The isCleanHtml method is not used on this form, allowing a payload to be stored in the database. Impact: low in BO due to Twig escaping; in FO the XSS can affect the custom...