2 matches found
CVE-2024-21628
creationtimestamp| type| source ---|---|--- 2024-01-02 23:26:56+00:00| seen| https://t.me/ctinow/162095 2024-01-03 01:38:17+00:00| seen| https://t.me/cibsecurity/74213 2024-01-23 10:26:57+00:00| seen| https://t.me/ctinow/171831...
CVE-2024-21628
PrestaShop pre-8.1.3 is vulnerable to stored cross-site scripting via the add-a-message form in the order-detail page (FO). The isCleanHtml method is not used on this form, allowing a payload to be stored in the database. Impact: low in BO due to Twig escaping; in FO the XSS can affect the custom...