prestashop/prestashop Security Advisories for 8.1.3 (6)
- [HIGH] PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
  PKSA-327m-nm79-1t19 CVE-2026-33673 GHSA-35pf-37c6-jxjv
  Affected version: <8.2.5|>=9.0.0-alpha.1,<9.1.0
  Reported by: GitHub
- [LOW] PrestaShop: Improper Use of Validation Framework
  PKSA-qc2t-77k5-sq5w CVE-2026-33674 GHSA-283w-xf3q-788v
  Affected version: >=9.0.0-alpha.1,<9.1.0|<8.2.5
  Reported by: GitHub
- [MEDIUM] PrestaShop affected by time based enumeration in FO login form
  PKSA-b6pc-d5t4-9nqt CVE-2026-25597 GHSA-67v7-3g49-mxh2
  Affected version: <8.2.4|>=9.0.0-alpha.1,<9.0.3
  Reported by: GitHub
- [MEDIUM] Presta Shop vulnerable to email enumeration
  PKSA-4dxn-7gh3-5s8z CVE-2025-51586 GHSA-8xx5-h6m3-jr33
  Affected version: <8.2.3
  Reported by: GitHub
- [CRITICAL] PrestaShop cross-site scripting via customer contact form in FO, through file upload
  PKSA-rpv3-t4jm-bhkm CVE-2024-34716 GHSA-45vm-3j38-7p78
  Affected version: >=8.1.0,<8.1.6
  Reported by: GitHub
- [MEDIUM] Path disclosure in JavaScript variable
  PKSA-p3pd-yr3j-9ty2 CVE-2024-26129 GHSA-3366-9287-7qpr
  Affected version: >=8.1.0,<8.1.4
  Reported by: GitHub