VDB
EN
CRITICAL 9.3

GHSA-w9f3-qc75-qgx9

PrestaShop has a stored XSS executable in customer service view

상세

### Impact

This is a **stored Cross-site Scripting (XSS)** vulnerability in the PrestaShop back-office Customer Service view.

An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The payload is stored in the database and executed when a back-office employee opens the affected customer thread, enabling session hijacking and full back-office takeover.

### Patches

Patched in PrestaShop 8.2.6 and 9.1.1.

### Workarounds

None.

### Resources

- Reported by Savio at Doyensec (`anthropic@doyensec.com`) in collaboration with Anthropic Research.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Packagist / prestashop/prestashop
최초 영향 버전: 0 수정 버전: 8.2.6
수정 composer require prestashop/prestashop:^8.2.6
Packagist / prestashop/prestashop
최초 영향 버전: 9.0.0 수정 버전: 9.1.1
수정 composer require prestashop/prestashop:^9.1.1

참고