Description
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The message field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser.
References
- Patch, Third Party Advisory
- Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 4.3.0 (exclusive)
cpe:2.3:a:prestashop:contactform:*:*:*:*:*:prestashop:*:*
EPSS: 0.00583 (Low), percentile: 68%
CVSS3: 8 High
CVSS3: 9.3 Critical
CVSS2: 4.3 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 8
github
more than 5 years ago
Potential XSS injection In PrestaShop contactform