Ps Emailsubscription Security Vulnerabilities

CVE-2020-5277

PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with url_name parameter. The problem is fixed in 3.5.0

CVE-2021-21418

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1