logo

Database

Server side cross-site scripting In prestashop/prestashop

Description

PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables

Impact

Multiple stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates.

Patches

Patched on 8.2.5 and 9.1.0

Workarounds

None

References

None

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-336732. NVD-2026-336733. OSV-2026-336734. GHSA-35pf-37c6-jxjv5. GCVE-2026-33673

References

1. https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv2. https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.53. https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.