In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing malicious users to execute arbitrary JavaScript in a victim's browser.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
prestashop contactform |