CVE-2025-1230

Name of the Vulnerable Software and Affected Versions: Prestashop version 8.1.7

Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability due to the lack of proper validation of user input. This affects the link parameter through the /index.php endpoint, specifically in the admin directory. A remote user could send a specially crafted query to an authenticated user, potentially stealing their cookie session details.

Recommendations: For Prestashop version 8.1.7, as a temporary workaround, consider disabling access to the /index.php endpoint in the admin directory until a patch is available. Restrict input validation for the link parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.