
CVE-2025-24027 – ps_contactinfo has potential XSS due to usage of the nofilter tag in template
https://notcve.org/view.php?id=CVE-2025-24027
22 Jan 2025 — ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are affected. For example, if the shop has a third-party module vulnerable to SQL injection, then ps_contactinfo might execute a stored cross-site scripting payload in formatting objects. Commit d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39 keeps fo... • https://github.com/PrestaShop/ps_contactinfo/commit/d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')