prestashop/prestashop is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in contactform.php, which allows an attacker to inject arbitrary JavaScript that then executes in the browser.
contactform.php
github.com/advisories/GHSA-6mhc-hqr3-w466
github.com/mustgundogdu/Research/blob/main/PrestaShop/ReflectedXSS_1.7.7.4.md