更新: 270 个文件 - 2026-03-28 03:48:48
这个提交包含在:
@@ -7,13 +7,14 @@
|
||||
"title": "PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables",
|
||||
"summary": "### Impact\nMultiple stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates.\n\n### Patches\nPatched on 8.2.5 and 9.1.0\n\n### Workarounds\nNone\n\n### References\nNone",
|
||||
"published_at": "2026-03-25T19:41:50Z",
|
||||
"updated_at": "2026-03-25T19:48:31.156136Z",
|
||||
"updated_at": "2026-03-27T21:52:37.272493Z",
|
||||
"severity": "low",
|
||||
"cvss_score": 3.1,
|
||||
"exploit_status": "unknown",
|
||||
"source_confidence": "ecosystem-authority",
|
||||
"official_source_url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv",
|
||||
"secondary_source_urls": [
|
||||
"https://nvd.nist.gov/vuln/detail/CVE-2026-33673",
|
||||
"https://github.com/PrestaShop/PrestaShop",
|
||||
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
|
||||
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
|
||||
@@ -145,6 +146,7 @@
|
||||
"patched_version": "9.1.0",
|
||||
"version_evidence_sources": [
|
||||
"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv",
|
||||
"https://nvd.nist.gov/vuln/detail/CVE-2026-33673",
|
||||
"https://github.com/PrestaShop/PrestaShop",
|
||||
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
|
||||
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
|
||||
|
||||
在新工单中引用
屏蔽一个用户