GHSA-vwfx-hh3w-fj99

Published: 06 Apr 2021
Source: GitHub
GitHub: Reviewed
CVSS3: 4.6

Description

Potential XSS injection in the newsletter conditions field

Impact

An employee can inject JavaScript into the newsletter conditions field, which will then be executed on the front office.

Patches

The issue has been fixed in 2.6.1.

Packages

Name: prestashop/ps_emailsubscription (composer)
Affected versions: < 2.6.1
Fixed version: 2.6.1

EPSS

Percentile: 50%
0.00264
Low

CVSS3: 4.6 Medium

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 4.6
nvd
almost 5 years ago

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office. The issue has been fixed in 2.6.1.
