VDB
KO
HIGH 7.6

GHSA-35pf-37c6-jxjv

PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables

Details

### Impact Multiple stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates.

### Patches Patched on 8.2.5 and 9.1.0

### Workarounds None

### References None

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist / prestashop/prestashop
Introduced in: 9.0.0-alpha.1 Fixed in: 9.1.0
Fix composer require prestashop/prestashop:^9.1.0
Packagist / prestashop/prestashop
Introduced in: 0 Fixed in: 8.2.5
Fix composer require prestashop/prestashop:^8.2.5

References