CVE-2026-33673
PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
CVSS Score
7.7
EPSS Score
0.0%
EPSS Percentile
11th
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.
| CWE | CWE-79 |
| Vendor | prestashop |
| Product | prestashop |
| Published | Mar 26, 2026 |
| Last Updated | Mar 27, 2026 |
Stay Ahead of the Next One
Get instant alerts for prestashop prestashop
Be the first to know when new high vulnerabilities affecting prestashop prestashop are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
PrestaShop / PrestaShop
>= 9.0.0-alpha.1, < 9.1.0 < 8.2.5