Mflasquin

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions prior to 8.0.4 and 1.7.8.9 **Description** The issue concerns the `ValidateCore::isCleanHTML()` method of PrestaShop, which misses hijackable events, leading to cross-site scripting (XSS) injection. This is allowed by the presence of pre-setup `@keyframes` methods. The XSS can hijack HTML attributes and can be triggered without any interaction by the visitor or administrator, making it as dangerous as a trivial XSS attack. Unlike other attacks that target HTML attributes and are triggered without user interaction, this one can hijack every HTML element, increasing the danger due to its complete HTML elements scope. **Recommendations** For PrestaShop versions prior to 8.0.4, update to version 8.0.4 or later. For PrestaShop versions prior to 1.7.8.9, update to version 1.7.8.9 or later.