Description

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2

Remediation

References

CVE-2021-21308

Related Vulnerabilities

MySQL CVE-2014-2444 Vulnerability (CVE-2014-2444)

WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster Cross-Site Scripting (2.6.0)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-38901)

MySQL CVE-2021-2031 Vulnerability (CVE-2021-2031)

WordPress Plugin Memphis Documents Library Cross-Site Request Forgery (3.9.20)

Severity

Critical

Classification

CVE-2021-21308 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities