Description
A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter in /contactform/contactform.php.
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0372)
Oracle JRE CVE-2013-2447 Vulnerability (CVE-2013-2447)
WordPress Plugin WP-Recall-Registration, Profile, Commerce & More SQL Injection (16.26.5)
PHP Inadequate Encryption Strength Vulnerability (CVE-2020-7069)
WordPress Plugin BuddyPress Multiple Cross-Site Request Forgery Vulnerabilities (2.8.1)