Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Prestashop Subscribe
Filtered by product Contactform
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15178 1 Prestashop 1 Contactform 2020-09-21 4.3 MEDIUM 9.3 CRITICAL
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser.