Search for packages
| purl | pkg:composer/prestashop/prestashop@9.1.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-s53g-k7gw-yyd4 | PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables ### Impact Multiple stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. ### Patches Patched on 8.2.5 and 9.1.0 ### Workarounds None ### References None |
CVE-2026-33673
GHSA-35pf-37c6-jxjv |
| VCID-vsng-njkm-hydv | PrestaShop: Improper Use of Validation Framework ### Impact Fix improper use of validation framework ### Patches Patched in 8.2.5 and 9.1.0 ### Workarounds None ### References none |
CVE-2026-33674
GHSA-283w-xf3q-788v |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T17:01:23.992148+00:00 | GHSA Importer | Fixing | VCID-s53g-k7gw-yyd4 | https://github.com/advisories/GHSA-35pf-37c6-jxjv | 38.1.0 |
| 2026-04-02T17:01:23.935867+00:00 | GHSA Importer | Fixing | VCID-vsng-njkm-hydv | https://github.com/advisories/GHSA-283w-xf3q-788v | 38.1.0 |
| 2026-04-01T12:53:41.852746+00:00 | GithubOSV Importer | Fixing | VCID-vsng-njkm-hydv | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-283w-xf3q-788v/GHSA-283w-xf3q-788v.json | 38.0.0 |
| 2026-04-01T12:53:18.468944+00:00 | GithubOSV Importer | Fixing | VCID-s53g-k7gw-yyd4 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-35pf-37c6-jxjv/GHSA-35pf-37c6-jxjv.json | 38.0.0 |