This advisory has been withdrawn because it is a duplicate of GHSA-95hx-62rh-gg96. This link is maintained to preserve external references.
A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter in /contactform/contactform.php.
Vendor | Product | Version | CPE |
---|---|---|---|
prestashop | prestashop | * | cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:* |