[CRITICAL] PrestaShop cross-site scripting via customer contact form in FO, through file upload

PKSA-rpv3-t4jm-bhkm CVE-2024-34716 GHSA-45vm-3j38-7p78

Affected version: >=8.1.0,<8.1.6

Reported by:
GitHub

[MEDIUM] Path disclosure in JavaScript variable

PKSA-p3pd-yr3j-9ty2 CVE-2024-26129 GHSA-3366-9287-7qpr

Affected version: >=8.1.0,<8.1.4

Reported by:
GitHub