Vulnerability Details CVE-2021-21398
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://github.com/PrestaShop/PrestaShop/commit/aaaba8177f3b3c510461b5e3249e30e60f900205
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.3
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fhhq-4x46-qx77
- https://github.com/PrestaShop/PrestaShop/commit/aaaba8177f3b3c510461b5e3249e30e60f900205
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.3
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fhhq-4x46-qx77
Products affected by CVE-2021-21398
-
cpe:2.3:a:prestashop:prestashop:1.7.7.0
-
cpe:2.3:a:prestashop:prestashop:1.7.7.1
-
cpe:2.3:a:prestashop:prestashop:1.7.7.2