CRITICAL 9.3
GHSA-w9f3-qc75-qgx9
PrestaShop has a stored XSS executable in customer service view
상세
### Impact
This is a **stored Cross-site Scripting (XSS)** vulnerability in the PrestaShop back-office Customer Service view.
An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The payload is stored in the database and executed when a back-office employee opens the affected customer thread, enabling session hijacking and full back-office takeover.
### Patches
Patched in PrestaShop 8.2.6 and 9.1.1.
### Workarounds
None.
### Resources
- Reported by Savio at Doyensec (`anthropic@doyensec.com`) in collaboration with Anthropic Research.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
Packagist / prestashop/prestashop
최초 영향 버전:
0 수정 버전: 8.2.6 수정
composer require prestashop/prestashop:^8.2.6 Packagist / prestashop/prestashop
최초 영향 버전:
9.0.0 수정 버전: 9.1.1 수정
composer require prestashop/prestashop:^9.1.1