Vulnerability Description
ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Ps Emailsubscription | >= 2.6.0, < 2.6.1 |
Related Weaknesses (CWE)
References
- https://github.com/PrestaShop/ps_emailsubscription/commit/664ffb225e2afb4a32640bPatchThird Party Advisory
- https://github.com/PrestaShop/ps_emailsubscription/releases/tag/v2.6.1Release NotesThird Party Advisory
- https://github.com/PrestaShop/ps_emailsubscription/security/advisories/GHSA-vwfxThird Party Advisory
- https://packagist.org/packages/prestashop/ps_emailsubscriptionThird Party Advisory
- https://github.com/PrestaShop/ps_emailsubscription/commit/664ffb225e2afb4a32640bPatchThird Party Advisory
- https://github.com/PrestaShop/ps_emailsubscription/releases/tag/v2.6.1Release NotesThird Party Advisory
- https://github.com/PrestaShop/ps_emailsubscription/security/advisories/GHSA-vwfxThird Party Advisory
- https://packagist.org/packages/prestashop/ps_emailsubscriptionThird Party Advisory
FAQ
What is CVE-2021-21418?
CVE-2021-21418 is a vulnerability with a CVSS score of 4.6 (MEDIUM). ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office...
How severe is CVE-2021-21418?
CVE-2021-21418 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21418?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Ps Emailsubscription.