PT-2026-28174 · Unknown · Prestashop

Highjoleliev

Published

2026-03-25

Updated

2026-03-30

CVE-2026-33673

CVSS v3.1

7.6

High

Vector

AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PrestaShop versions prior to 8.2.5 PrestaShop versions prior to 9.1.0

Description PrestaShop is susceptible to stored Cross-Site Scripting (stored XSS) issues within the back-office (BO). An attacker capable of injecting data into the database, potentially through limited back-office access or a pre-existing flaw, can exploit unprotected variables in back-office templates.

Recommendations Update to PrestaShop version 8.2.5 or later. Update to PrestaShop version 9.1.0 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BIT-PRESTASHOP-2026-33673

CVE-2026-33673

GHSA-35PF-37C6-JXJV

Affected Products

Prestashop

PT-2026-28174 · Unknown · Prestashop

CVE-2026-33673

Weakness Enumeration

Related Identifiers

Affected Products

References · 10