PT-2026-39239 · Unknown · Prestashop

Savio · Published 2026-05-08 · Updated 2026-05-18 · CVE-2026-44212

CVSS v3.1: 9.3 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

PrestaShop versions prior to 8.2.6
PrestaShop versions prior to 9.1.1

Description

A stored Cross-site Scripting (XSS) issue exists in the back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form using a malicious email address. This payload is stored in the database and executes when a back-office employee opens the affected customer thread, which can lead to session hijacking and full back-office takeover.

Recommendations

Update to version 8.2.6.
Update to version 9.1.1.
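
The description above says the value is stored first and only runs when rendered, so after updating it is worth reviewing addresses already stored and confirming that the rendering path encodes them. The following is an added example, not PrestaShop's patch or code from this advisory. The row shape (thread_id, email), the allow-list pattern and the function names are assumptions, and the sample rows are constructed.

```python
import html
import re

# Assumption: a deliberately strict allow-list for contact-form addresses.
# It is narrower than RFC 5322 (no quoted local parts, no comments).
PLAIN_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Characters that change meaning in HTML text or attribute context.
HTML_METACHARACTERS = frozenset("<>\"'&`")

# Constructed sample rows in the hypothetical shape (thread_id, email).
SAMPLE_ROWS = [
    (101, "alice@example.test"),
    (102, '"<b>marker</b>"@example.test'),  # inert markup, constructed
    (103, "bob+shop@example.test"),
    (104, "carol example.test"),
]


def audit_rows(rows):
    """Return (thread_id, reason) for stored addresses that need review."""
    findings = []
    for thread_id, email in rows:
        if HTML_METACHARACTERS.intersection(email):
            findings.append((thread_id, "html-metacharacter"))
        elif not PLAIN_ADDRESS.fullmatch(email):
            findings.append((thread_id, "not-plain-address"))
    return findings


def render_email_cell(email):
    """Encode a stored address for HTML text or a quoted attribute value."""
    return html.escape(email, quote=True)


if __name__ == "__main__":
    for thread_id, reason in audit_rows(SAMPLE_ROWS):
        print(thread_id, reason)
    print(render_email_cell(SAMPLE_ROWS[1][1]))
```

Flagged rows are candidates for review, not proof of compromise; encoding at render time is what keeps a stored value inert regardless of what the form accepted.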

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-PRESTASHOP-2026-44212
CVE-2026-44212
GHSA-W9F3-QC75-QGX9

Affected Products

Prestashop