PrestaShop/contactform

Releases14

Frequency7 months 3 weeks

Last Release over 1 year ago

Stars9

Adds a contact form to the "Contact us" page

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-15178 ↗	Sep 15, 2020Tuesday, 15 September 2020, 18:15	8 HIGH	4.3 MEDIUM
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser.