Description
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.
Remediation
References
Related Vulnerabilities
Envoy Proxy Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-27492)
SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1595)
WordPress Plugin Mass Pages/Posts Creator Cross-Site Scripting (1.2.2)
Open Resty Inefficient Algorithmic Complexity Vulnerability (CVE-2024-39702)