Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Potential XSS injection in the newsletter conditions field
Vulnerability Description
ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Progi1984 ps_emailsubscription 跨站脚本漏洞
Vulnerability Description
Progi1984 ps_emailsubscription是 (Progi1984)开源的一个应用程序。提供一个电子邮件表格。 ps_emailsubscription 存在安全漏洞,该漏洞源于可以在newsletter条件字段中注入javascript。
CVSS Information
N/A
Vulnerability Type
N/A