RSS   Vulnerabilities for 'Contactform'   RSS

2020-09-15
 
CVE-2020-15178

CWE-79
 

 
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser.

 

 >>> Vendor: Prestashop 12 Products
Prestashop
EBAY
Ebay module
Faceted search module
Prestashop link
Prestashop linklist
Prestashop socialfollow
Correos express
Dashboard products
Contactform
Productcomments
Ps emailsubscription


Copyright 2024, cxsecurity.com

 

Back to Top