In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the information is exported using the ‘Get my data in CSV’ tool. Successful exploitation of this vulnerability could facilitate unauthorised access to the victim’s personal data.
Advisories
No advisories yet.
Fixes
Solution
No solution has been reported as yet.
Workaround
No workaround given by the vendor.
References
History
Mon, 13 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Prestashop
Prestashop the Firmware |
|
| Vendors & Products |
Prestashop
Prestashop the Firmware |
Mon, 13 Jul 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the information is exported using the ‘Get my data in CSV’ tool. Successful exploitation of this vulnerability could facilitate unauthorised access to the victim’s personal data. | |
| Title | Incorrect neutralisation in the PrestaShop firmware | |
| Weaknesses | CWE-1236 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: INCIBE
Published:
Updated: 2026-07-13T14:12:40.463Z
Reserved: 2026-07-06T11:34:32.061Z
Link: CVE-2026-14846
Updated: 2026-07-13T14:12:25.277Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-13T14:37:56Z
Weaknesses