Prestashop: >> Contactform >> 4.1.1 Security Vulnerabilities
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser.
CVSS Score
8.0
EPSS Score
0.006
Published
2020-09-15