CVE-2021-21418

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-21418

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21418.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-21418

Aliases

GHSA-vwfx-hh3w-fj99

Published

2021-03-31T18:15:14Z

Modified

2024-05-30T02:48:01.311738Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1

References

Affected packages

Git / github.com/prestashop/ps_emailsubscription

Affected ranges

Type: GIT
Repo: https://github.com/prestashop/ps_emailsubscription
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

664ffb225e2afb4a32640bbedad667dc6e660b70

Affected versions

v1.*

v1.0.1

v1.1.0

v1.1.1

v1.1.2

v1.1.6

v2.*

v2.1.0

v2.2.0

v2.3.0

v2.5.0