Description

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1

Related CPE's

a

prestashop

ps_emailsubscription

*

*

*

*

*

prestashop

Vulnerable

References

https://github.com/PrestaShop/ps_emailsubscription/commit/664ffb225e2afb4a32640bbedad667dc6e660b70

PatchThird Party Advisory

https://github.com/PrestaShop/ps_emailsubscription/releases/tag/v2.6.1

Release NotesThird Party Advisory

https://github.com/PrestaShop/ps_emailsubscription/security/advisories/GHSA-vwfx-hh3w-fj99

Third Party Advisory

https://packagist.org/packages/prestashop/ps_emailsubscription

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-03-31T18:15:14.503

4 years ago

Last modified

2021-04-06T12:04:21.667

4 years ago