cvelist / GitHub_M / CVELIST:CVE-2021-21418
History: Mar 31, 2021 - 5:35 p.m.

CVE-2021-21418 Potential XSS injection in the newsletter conditions field

2021-03-31 17:35:15
CWE-79
GitHub_M
www.cve.org
3
xss injection
ps_emailsubscription
newsletter
prestashop
fixed version

CVSS3: 4.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

EPSS: 0.001
Percentile: 31.7%

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject JavaScript in the newsletter condition field that will then be executed on the front office. The issue has been fixed in 2.6.1.

CNA Affected

[
  {
    "product": "ps_emailsubscription",
    "vendor": "PrestaShop",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.6.1"
      }
    ]
  }
]
