EUVD-2026-16441

CVE-2026-33673
Severity: HIGH
CVSS 3.1: 7.6
2026-03-25 https://github.com/PrestaShop/PrestaShop

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd), patch available
Analysis Generated: Mar 25, 2026 - 19:47 (vuln.today)
EUVD ID Assigned: Mar 25, 2026 - 19:47 (euvd), EUVD-2026-16441
CVE Published: Mar 25, 2026 - 19:41 (nvd), HIGH 7.6

Description

### Impact

Multiple stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates.

### Patches

Patched on 8.2.5 and 9.1.0

### Workarounds

None

### References

None

Analysis

PrestaShop contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the back-office (BO) administration panel. An attacker with limited back-office access or who has exploited a separate vulnerability to inject data into the database can exploit unprotected template variables to execute arbitrary JavaScript in administrators' browsers. …


Remediation

Within 24 hours: Inventory all PrestaShop instances and document current versions; restrict back-office access to essential personnel only and audit active administrative accounts for unauthorized access.

Within 7 days: Implement network segmentation to isolate back-office administration panels; enable enhanced logging and monitoring for suspicious JavaScript execution and administrative actions; conduct user awareness training on phishing and malicious links. …


Priority Score

38
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0
