CVE-2021-21418 MEDIUM

CVE-2021-21418: Potential XSS injection in the newsletter conditions field

Vendor PrestaShop
Product ps_emailsubscription
Weakness CWE-79 · XSS
Published March 31, 2021
Last update August 3, 2024

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject JavaScript into the newsletter condition field, which is then executed on the front office. The issue has been fixed in version 2.6.1.

Key dates

02 Disclosure timeline

March 31, 2021 CVE published
August 3, 2024 Record updated