PrestaShop Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2026-33673 - Vulnerability Database

PrestaShop

PrestaShop Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2026-33673

Medium

Reference: CVE-2026-33673

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-33673

Title: PrestaShop Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database via limited back-office access or a previously existing vulnerability can exploit unprotected variables in back-office templates. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.