SB2026050490 - Multiple vulnerabilities in PrestaShop




Published: May 4, 2026

Security Bulletin ID: SB2026050490
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 2 vulnerabilities.


1) Improper Use of Validation Framework (CVE-ID: CVE-2026-33674)

The vulnerability allows a remote user to modify data.

The vulnerability exists due to improper use of the validation framework when processing input. A remote privileged user can submit crafted input to modify data.

User interaction is required.


2) Cross-site scripting (CVE-ID: CVE-2026-33673)

The vulnerability allows a remote user to execute arbitrary script in the back office.

The vulnerability exists due to cross-site scripting in back-office templates when rendering unprotected variables from stored database content. A remote privileged user can inject crafted data into the database to execute arbitrary script in the back office.

User interaction is required, and exploitation requires the ability to inject data into the database through limited back-office access or a previously existing vulnerability.


Remediation

Install the update from the vendor's website.