CVE-2021-21418
4.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PrestaShop | ps_emailsubscription | < 2.6.1 | affected |
Weaknesses
- CWE-79: {"CWE-79":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/PrestaShop/ps_emailsubscription/security/advisories/GHSA-vwfx-hh3w-fj99
- https://github.com/PrestaShop/ps_emailsubscription/commit/664ffb225e2afb4a32640bbedad667dc6e660b70
- https://github.com/PrestaShop/ps_emailsubscription/releases/tag/v2.6.1
- https://packagist.org/packages/prestashop/ps_emailsubscription
References
- https://github.com/PrestaShop/ps_emailsubscription/security/advisories/GHSA-vwfx-hh3w-fj99
- https://github.com/PrestaShop/ps_emailsubscription/commit/664ffb225e2afb4a32640bbedad667dc6e660b70
- https://github.com/PrestaShop/ps_emailsubscription/releases/tag/v2.6.1
- https://packagist.org/packages/prestashop/ps_emailsubscription
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.