First published: Tue Mar 30 2021(Updated: )
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Prestashop | >=1.7.7.0<1.7.7.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-21398 is a vulnerability in PrestaShop e-commerce solution where an attacker can inject HTML when the Grid Column Type DataColumn is badly used.
The severity of CVE-2021-21398 is medium with a base score of 5.4.
An attacker can exploit CVE-2021-21398 by injecting malicious HTML when the Grid Column Type DataColumn is misused.
To fix CVE-2021-21398, update PrestaShop to version 1.7.7.3 or later.
You can find more information about CVE-2021-21398 in the links provided: [link1], [link2], [link3].