更新: 270 个文件 - 2026-03-28 03:48:48

这个提交包含在:
hao
2026-03-28 03:48:48 -07:00
父节点 bce7f9ef61
当前提交 d560e6b421
修改 270 个文件,包含 13395 行新增2077 行删除

查看文件

@@ -7,13 +7,14 @@
"title": "PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables",
"summary": "### Impact\nMultiple stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates.\n\n### Patches\nPatched on 8.2.5 and 9.1.0\n\n### Workarounds\nNone\n\n### References\nNone",
"published_at": "2026-03-25T19:41:50Z",
"updated_at": "2026-03-25T19:48:31.156136Z",
"updated_at": "2026-03-27T21:52:37.272493Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-33673",
"https://github.com/PrestaShop/PrestaShop",
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
@@ -145,6 +146,7 @@
"patched_version": "9.1.0",
"version_evidence_sources": [
"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv",
"https://nvd.nist.gov/vuln/detail/CVE-2026-33673",
"https://github.com/PrestaShop/PrestaShop",
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"