Savio

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions prior to 8.2.6 PrestaShop versions prior to 9.1.1 **Description** A stored Cross-site Scripting (XSS) issue exists in the back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form using a malicious email address. This payload is stored in the database and executes when a back-office employee opens the affected customer thread, which can lead to session hijacking and full back-office takeover. **Recommendations** Update to version 8.2.6. Update to version 9.1.1.