CVE-2025-24027: ps_contactinfo has a potential XSS due to usage of the nofilter tag in template
This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are affected.
For example, if your shop has a third-party module vulnerable to SQL injection, then ps_contactinfo might execute a stored XSS in the front office (FO).
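To audit your own themes and modules for the same pattern, the following added example (not code from PrestaShop or from ps_contactinfo) lists Smarty variable outputs that carry `nofilter` without an explicit `escape` modifier. The sample template and its variable names are constructed for illustration, and the check is a heuristic limited to single-line `{$...}` tags.

```python
import re
from pathlib import Path

# Smarty variable output tag on one line, e.g. {$contact.address nofilter}
VAR_TAG = re.compile(r"\{(\$[^{}]*)\}")
# The nofilter flag is written last inside the tag and disables auto-escaping.
NOFILTER = re.compile(r"\s+nofilter\s*$")
# An explicit escape modifier still encodes the value even when nofilter is set.
ESCAPED = re.compile(r"\|\s*escape\b")

def find_unescaped(template_text):
    """Return (line_no, expression) for each variable printed with nofilter
    and no explicit escape modifier."""
    findings = []
    for line_no, line in enumerate(template_text.splitlines(), start=1):
        for match in VAR_TAG.finditer(line):
            body = match.group(1).strip()
            if not NOFILTER.search(body):
                continue  # default escaping applies
            expr = NOFILTER.sub("", body)
            if ESCAPED.search(expr):
                continue  # escaped by hand
            findings.append((line_no, expr))
    return findings

def scan_tree(root):
    """Run find_unescaped over every .tpl file under root."""
    report = {}
    for tpl in sorted(Path(root).rglob("*.tpl")):
        hits = find_unescaped(tpl.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(tpl)] = hits
    return report

# Constructed sample template; not the real ps_contactinfo template.
SAMPLE = """\
<div class="contact">
  {$contact.company}
  {$contact.address nofilter}
  {$contact.email|escape:'html':'UTF-8' nofilter}
  {l s='Call us:' d='Shop.Theme.Global'} {$contact.phone nofilter}
</div>
"""

if __name__ == "__main__":
    for line_no, expr in find_unescaped(SAMPLE):
        print(f"line {line_no}: {expr} is printed without escaping")
```

Each finding is a place where a value stored in the database reaches the page unescaped, so review whether that value can ever be written by anything other than a trusted administrator.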