Unrated severityNVD Advisory· Published Mar 30, 2021· Updated Aug 3, 2024

Possible XSS injection through DataColumn Grid class

CVE-2021-21398

Description

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3

Affected products

Prestashop/Prestashopv5
Range: >= 1.7.7.0, < 1.7.7.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/PrestaShop/PrestaShop/commit/aaaba8177f3b3c510461b5e3249e30e60f900205mitrex_refsource_MISC
github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.3mitrex_refsource_MISC
github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fhhq-4x46-qx77mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000