Moderate severity · NVD Advisory · Published Mar 31, 2021 · Updated Aug 3, 2024
Potential XSS injection in the newsletter conditions field
CVE-2021-21418
Description
ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject JavaScript into the newsletter condition field, which is then executed on the front office. The issue has been fixed in 2.6.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| prestashop/ps_emailsubscription (Packagist) | < 2.6.1 | 2.6.1 |
Affected products
- Range: < 2.6.1
References
- github.com/advisories/GHSA-vwfx-hh3w-fj99 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-21418 (ghsa, ADVISORY)
- github.com/PrestaShop/ps_emailsubscription/commit/664ffb225e2afb4a32640bbedad667dc6e660b70 (ghsa, x_refsource_MISC, WEB)
- github.com/PrestaShop/ps_emailsubscription/releases/tag/v2.6.1 (ghsa, x_refsource_MISC, WEB)
- github.com/PrestaShop/ps_emailsubscription/security/advisories/GHSA-vwfx-hh3w-fj99 (ghsa, x_refsource_CONFIRM, WEB)
- packagist.org/packages/prestashop/ps_emailsubscription (ghsa, x_refsource_MISC, WEB)