CVE-2021-21418

Summary

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1

Affected Software

VendorProductVersion RangeStatus
PrestaShopps_emailsubscription< 2.6.1affected

Weaknesses

  • CWE-79: {"CWE-79":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}

ADP Enrichment

CVE Program Container

Additional References

References