CVE-2021-21418

MEDIUM

PrestaShop ps_emailsubscription < 2.6.1 - Stored Cross-Site Scripting in Newsletter Condition Field

Description

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject JavaScript in the newsletter condition field that will then be executed on the front office. The issue has been fixed in 2.6.1.

Scores

CVSS v3 4.6
EPSS 0.0079
EPSS Percentile 51.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
prestashop/ps_emailsubscription 0 - 2.6.1 (Packagist)
prestashop/ps_emailsubscription 2.6.0 - 2.6.1
Published Mar 31, 2021
Tracked Since Feb 18, 2026