Unknown · PrestaShop · CVE-2025-1230
Name of the Vulnerable Software and Affected Versions:
PrestaShop version 8.1.7
Description:
The issue is a stored cross-site scripting (XSS) vulnerability caused by a lack of proper validation of user input. It affects the `link` parameter of the `/index.php` endpoint in the admin directory. A remote user could send a specially crafted query to an authenticated user and potentially steal their session cookie details.
Recommendations:
For PrestaShop version 8.1.7, as a temporary workaround, consider disabling access to the `/index.php` endpoint in the admin directory until a patch is available. Apply strict input validation to the `link` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
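
One way to apply input validation to the `link` parameter, shown as an added example that is not PrestaShop code or a vendor patch. It assumes `link` is meant to carry a URL (the advisory does not say so), and `validate_link_param` and `render_link` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the URL if acceptable, or null if rejected.
// Assumption: `link` should hold an absolute http(s) URL.
function validate_link_param(string $raw, array $allowedSchemes = ['http', 'https']): ?string
{
    $value = trim($raw);
    if ($value === '' || strlen($value) > 2048) {
        return null;
    }
    // Reject control characters, whitespace and markup/attribute delimiters.
    if (preg_match('/[\x00-\x20\x7F<>"\'`]/', $value) === 1) {
        return null;
    }
    $parts = parse_url($value);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    // Scheme allowlist: rejects javascript:, data:, vbscript: and similar.
    if (!in_array(strtolower($parts['scheme']), $allowedSchemes, true)) {
        return null;
    }
    return $value;
}

// Validate and encode again at output time: stored values may predate
// the input check, which is what makes the XSS "stored".
function render_link(string $stored): string
{
    $safe = validate_link_param($stored);
    if ($safe === null) {
        return '<span class="invalid-link">[link removed]</span>';
    }
    $attr = htmlspecialchars($safe, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $attr . '" rel="noopener noreferrer">' . $attr . '</a>';
}

// Constructed sample values, not taken from the advisory.
$samples = [
    'https://example.com/catalog?id=7&page=2',
    'javascript:alert(1)',
    'https://example.com/"><script>alert(1)</script>',
    '//example.com/path',
];
foreach ($samples as $s) {
    printf("%-50s => %s\n", $s, render_link($s));
}
```

Only the first sample is rendered as a link, with `&` encoded as `&amp;` in the attribute; the other three are replaced by the placeholder.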