CVE-2020-15178 – In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacke …

15 September 2020

Vuln ID: CVE-2020-15178

Published: 2020-09-15 18:15:13Z

Description: In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim’s browser.

Source: NVD.NIST.GOV

Date:

15 September 2020

Categorie(s):

NVD

Tag(s):

NVD

New U.K. Law Bans Default Passwords on Smart Devices Starting April 202430 April 2024
Meet the New Exclusive AI Malware Analyst: Gemini 1.5 Pro30 April 2024
An Empty S3 Bucket Can Make Your AWS Bills Explode30 April 2024
Triangulation fraud: The costly scam hitting online retailers30 April 2024
Tracecat: Open-source SOAR30 April 2024