Impact
This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are affected.
For example, if your shop has a third-party module vulnerable to SQL injection, then ps_contactinfo might execute a stored XSS in the front office (FO).
Patches
The long-term fix is to keep all your modules maintained and updated.
The fix in ps_contactinfo keeps formatted addresses from rendering an XSS payload stored in the database.
Workarounds
none
References
none