CVE-2021-21418
Summary
| CVE | CVE-2021-21418 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-03-31 18:15:00 UTC |
| Updated | 2021-04-06 12:04:00 UTC |
| Description | ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject JavaScript in the newsletter condition field that will then be executed on the front office. The issue has been fixed in 2.6.1. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Prestashop | Ps Emailsubscription | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release v2.6.1 · PrestaShop/ps_emailsubscription · GitHub | MISC | github.com | |
| prestashop/ps_emailsubscription - Packagist | MISC | packagist.org | |
| Merge pull request from GHSA-vwfx-hh3w-fj99 · PrestaShop/ps_emailsubscription@664ffb2 · GitHub | MISC | github.com | |
| Potential XSS injection in the newsletter conditions field · Advisory · PrestaShop/ps_emailsubscription · GitHub | CONFIRM | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.