PrestaShop Stored Cross-Site Scripting Vulnerability in Customer Service View

Vulnerability

A stored Cross-Site Scripting vulnerability has been identified in the PrestaShop back-office Customer Service view, affecting versions prior to 8.2.6 and 9.1.1. An unauthenticated attacker can exploit this vulnerability by submitting the public Contact Us form with a malicious email address. The injected payload is stored in the database and executed when a back-office employee accesses the affected customer thread. This exploitation can lead to session hijacking and a complete takeover of the back-office account.

Impact

Exploitation of this vulnerability allows for session hijacking and full takeover of a back-office account.

Remediation

Users can upgrade to PrestaShop versions 8.2.6 or 9.1.1 to address this vulnerability.
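To check whether such a value has already been submitted to a shop, the stored sender addresses of customer threads can be triaged offline. The script below is an added example, not code from this advisory or from PrestaShop: it assumes the (thread id, email) pairs have been exported from the shop database, and both the acceptance pattern and the sample rows are constructed for illustration.

```python
import html
import re

# Assumed triage policy: deliberately stricter than RFC 5322 and not
# PrestaShop's own validator. Anything outside it is sent for human review.
PLAIN_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
MARKUP = set("<>\"'&")  # characters that matter when a value is placed in HTML


def triage(rows):
    """Return [(thread_id, reasons, escaped_email)] for values needing review."""
    findings = []
    for thread_id, email in rows:
        reasons = []
        if MARKUP & set(email):
            reasons.append("markup-char")
        if any(c.isspace() or ord(c) < 32 for c in email):
            reasons.append("whitespace-or-control")
        if not PLAIN_EMAIL.fullmatch(email):
            reasons.append("not-plain-address")
        if reasons:
            # Escape before the value goes into any report an analyst opens
            # in a browser, so the review itself cannot render the markup.
            findings.append((thread_id, reasons, html.escape(email)))
    return findings


# Constructed sample export: (thread id, stored sender address).
SAMPLE_ROWS = [
    (101, "alice@example.com"),
    (102, "a<b>test</b>@example.com"),
    (103, 'bob"x@example.com'),
    (104, "carol+orders@shop.example"),
    (105, "dave @example.com"),
]

if __name__ == "__main__":
    for thread_id, reasons, shown in triage(SAMPLE_ROWS):
        print(f"thread {thread_id}: {', '.join(reasons)}: {shown}")
```

Threads flagged with markup-char are the ones to review first, together with the back-office sessions of any employee who opened them.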

Added: May 14, 2026, 9:53 PM
Updated: May 14, 2026, 9:53 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 5.4
exploitability: 6.5
remediation: 7.7
relevance: 8.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.