PT-2026-28174 · Unknown · Prestashop

Highjoleliev

Publicado

2026-03-25

Atualizado

2026-03-30

CVE-2026-33673

CVSS v3.1

7.6

Alta

Vetor

AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PrestaShop versions prior to 8.2.5 PrestaShop versions prior to 9.1.0

Description PrestaShop is susceptible to stored Cross-Site Scripting (stored XSS) issues within the back-office (BO). An attacker capable of injecting data into the database, potentially through limited back-office access or a pre-existing flaw, can exploit unprotected variables in back-office templates.

Recommendations Update to PrestaShop version 8.2.5 or later. Update to PrestaShop version 9.1.0 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BIT-PRESTASHOP-2026-33673

CVE-2026-33673

GHSA-35PF-37C6-JXJV

Produtos afetados

Prestashop

PT-2026-28174 · Unknown · Prestashop

CVE-2026-33673

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10