Lucene search

CVE-2021-21418

🗓️ 31 Mar 2021 18:14:15Reported by GitHub_MType

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2021-21418 Potential XSS injection in the newsletter conditions field	31 Mar 202117:35	–	cvelist
Veracode	Cross-site Scripting (XSS)	1 Apr 202103:43	–	veracode
Github Security Blog	Potential XSS injection in the newsletter conditions field	6 Apr 202117:24	–	github
Prion	Race condition	31 Mar 202118:15	–	prion
NVD	CVE-2021-21418	31 Mar 202118:15	–	nvd
OSV	CVE-2021-21418	31 Mar 202118:15	–	osv
OSV	Potential XSS injection in the newsletter conditions field	6 Apr 202117:24	–	osv

Nvd

Vulners

Node

prestashop ps_emailsubscriptionRange2.6.0–2.6.1prestashop

[
  {
    "product": "ps_emailsubscription",
    "vendor": "PrestaShop",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.6.1"
      }
    ]
  }
]

Source	Link
github	www.github.com/PrestaShop/ps_emailsubscription/releases/tag/v2.6.1
github	www.github.com/PrestaShop/ps_emailsubscription/security/advisories/GHSA-vwfx-hh3w-fj99
packagist	www.packagist.org/packages/prestashop/ps_emailsubscription
github	www.github.com/PrestaShop/ps_emailsubscription/commit/664ffb225e2afb4a32640bbedad667dc6e660b70

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 Mar 2021 18:15Current

4.9Medium risk

Vulners AI Score4.9

CVSS23.5

CVSS34.6 - 5.4

EPSS0.00264

CWE-79