Packagist (Composer) package
prestashop/contactform
pkg:composer/prestashop/contactform
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15178 | — | >= 1.0.1, < 4.3.0 | 4.3.0 | Sep 15, 2020 | In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser. |
- CVE-2020-15178Sep 15, 2020affected >= 1.0.1, < 4.3.0fixed 4.3.0
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser.