Security Advisories - prestashop/prestashop - Packagist.org

prestashop/prestashop Security Advisories for 8.2.2 (4)

[HIGH] PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables

PKSA-327m-nm79-1t19 CVE-2026-33673 GHSA-35pf-37c6-jxjv

Affected version: <8.2.5|>=9.0.0-alpha.1,<9.1.0

Reported by:
GitHub
[LOW] PrestaShop: Improper Use of Validation Framework

PKSA-qc2t-77k5-sq5w CVE-2026-33674 GHSA-283w-xf3q-788v

Affected version: >=9.0.0-alpha.1,<9.1.0|<8.2.5

Reported by:
GitHub
[MEDIUM] PrestaShop affected by time based enumeration in FO login form

PKSA-b6pc-d5t4-9nqt CVE-2026-25597 GHSA-67v7-3g49-mxh2

Affected version: <8.2.4|>=9.0.0-alpha.1,<9.0.3

Reported by:
GitHub
[MEDIUM] Presta Shop vulnerable to email enumeration

PKSA-4dxn-7gh3-5s8z CVE-2025-51586 GHSA-8xx5-h6m3-jr33

Affected version: <8.2.3

Reported by:
GitHub