CVE-2021-21418: Cross-site Scripting

March 31, 2021 (updated April 6, 2021)

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed

References

nvd.nist.gov/vuln/detail/CVE-2021-21418

Detect and mitigate CVE-2021-21418 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →