prestashop/contactform
Releases23
Frequency5 months 1 week
Last Release
Downloads8.29M
PrestaShop module contactform
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| < 4.3.0 | 8 HIGH | 4.3 MEDIUM | ||
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser. | ||||