Tag
A stored cross-site scripting (XSS) vulnerability exists in PrestaShop's back-office customer service view, where an unauthenticated attacker can submit a malicious email address via the Contact Us form, leading to session hijacking and full back-office takeover when an employee opens the affected customer thread; patched in PrestaShop 8.2.6 and 9.1.1.