[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-44212":6},{"stargazers_count":4,"fetched_at":5},5,"2026-05-15T08:03:46.741Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":48,"related":49,"reserved_at":9,"published_at":50,"modified_at":50,"state":51,"summary":52,"references_raw":59,"kevs":66,"epss":9,"epss_history":67,"metrics":68,"affected":76},"CVE-2026-44212","PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The payload is stored in the database and executed when a back-office employee opens the affected customer thread, enabling session hijacking and full back-office takeover. This vulnerability is fixed in 8.2.6 and 9.1.1.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[],[],[],[],[],"2026-05-14T20:44:08.152Z","Received",{"cisa_kev":53,"cisa_ransomware":53,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":54,"severity_score":55,"severity_version":56,"severity_source":57,"severity_vector":58,"severity_status":51},false,"critical",9.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",[60],{"url":61,"sources":62,"tags":64},"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-w9f3-qc75-qgx9",[57,63],"nvd",[65],"X Refsource CONFIRM",[],[],[69,74],{"source":57,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":70,"cvss_v4_0":9},{"baseScore":55,"baseSeverity":71,"vectorString":58,"impactScore":72,"exploitabilityScore":73},"CRITICAL",9.7,7.2,{"source":63,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":75,"cvss_v4_0":9},{"baseScore":55,"baseSeverity":71,"vectorString":58,"impactScore":72,"exploitabilityScore":73},[77],{"ecosystem":9,"name":78,"vendor":79,"product":79,"cpe_part":80,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":81},"PrestaShop","prestashop","a",[82,87],{"version":83,"is_range":84,"range_type":57,"version_start":9,"version_start_type":9,"version_end":85,"version_end_type":86,"fixed_in":9},"\u003C 8.2.6",true,"8.2.6","excluding",{"version":88,"is_range":84,"range_type":57,"version_start":89,"version_start_type":90,"version_end":91,"version_end_type":86,"fixed_in":9},">= 9.0.0-alpha.1, \u003C 9.1.1","9.0.0-alpha.1","including","9.1.1"]