This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned.
For example, if your shop has a third party module vulnerable to SQL injections, then ps_contactinfo might execute a stored XSS in FO.
The long term fix is to have all your modules maintained and updated. The fix on ps_contactinfo will keep formatted addresses from displaying an xss stored in the database.
none
none
{ "nvd_published_at": "2025-01-22T15:15:27Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-01-22T18:10:58Z" }