Description
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8
Remediation
References
Related Vulnerabilities
WordPress Plugin HubSpot All-In-One Marketing-Forms, Popups, Live Chat Cross-Site Scripting (7.5.5)
MySQL CVE-2022-21479 Vulnerability (CVE-2022-21479)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17310)