Vulnerability Description
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | >= 1.7.7.0, < 1.7.7.3 |
Related Weaknesses (CWE)
References
- https://github.com/PrestaShop/PrestaShop/commit/aaaba8177f3b3c510461b5e3249e30e6 (Patch, Third Party Advisory)
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.3 (Third Party Advisory)
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fhhq-4x46-qx77 (Third Party Advisory)
FAQ
What is CVE-2021-21398?
CVE-2021-21398 is a vulnerability with a CVSS score of 5.4 (MEDIUM). PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fix...
How severe is CVE-2021-21398?
CVE-2021-21398 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-21398?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.