Security Advisory

CVE-2020-15178

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-09-15 17:50:13
Last updated 2024-08-04 13:08:22
Assigner GitHub_M
State PUBLISHED

Description

In the PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser.