Potential XSS injection in the newsletter conditions field

Moderate
atomiix published GHSA-vwfx-hh3w-fj99 Mar 31, 2021

Package

No package listed

Affected versions

> 2.6.0

Patched versions

2.6.1

Description

Impact

An employee can inject JavaScript into the newsletter conditions field, which is then executed on the front office.

Patches

The issue has been fixed in 2.6.1.

References

Cross-site Scripting (XSS) - Stored (CWE-79)

Severity

Moderate

CVE ID

CVE-2021-21418

Weaknesses

No CWEs