4 matches found
Cross-site Scripting (XSS)
ps_contactinfo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of formatted addresses, which allows stored script execution when combined with third-party modules...
ps_contactinfo has a potential XSS due to usage of the nofilter tag in template
Impact: This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are concerned. For example, if your shop has a third-party module vulnerable to SQL injections, then ps_contactinfo might execute a stored XSS in the front office (FO). Patches: The long term fix is to...
GHSA-35PQ-7PV2-2RFW: ps_contactinfo has a potential XSS due to usage of the nofilter tag in template
Impact: This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are concerned. For example, if your shop has a third-party module vulnerable to SQL injections, then ps_contactinfo might execute a stored XSS in the front office (FO). Patches: The long term fix is to...
PrestaShop Cross-Site Scripting Vulnerability
PrestaShop is an open source e-commerce solution from the US company PrestaShop. The solution provides multiple payment methods, short message alerts, product image zoom and other features. A cross-site scripting vulnerability exists in PrestaShop ps_contactinfo version 3.3.2 and earlier...