prestashop/prestashop is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of event sanitization in the $events
parameter of Validate.php
which allows an attacker to inject and execute arbitrary JavaScript into the browser.
github.com/advisories/GHSA-fh7r-996q-gvcp
github.com/PrestaShop/PrestaShop/commit/46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c
github.com/PrestaShop/PrestaShop/commit/dc682192df0e4b0d656a8e645b29ca1b9dbe3693
github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fh7r-996q-gvcp