CVE-2025-1230: 
Prestashop vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Prestashop 8.1.7, identified as CVE-2025-1230. The vulnerability was disclosed on February 12, 2025, and was discovered by David Aparicio Salcedo. The vulnerability exists due to improper validation of user input through '//index.php', specifically affecting the 'link' parameter (INCIBE Notice, NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, high privileges, and user interaction, with potential impacts on confidentiality and integrity (NVD).

If exploited, this vulnerability could allow a remote attacker to send specially crafted queries to authenticated users and potentially steal their cookie session details, leading to unauthorized access to user sessions (INCIBE Notice).

The manufacturer is currently working on developing a fix for this vulnerability. Users are advised to update to the latest version when available (INCIBE Notice).