{"vulnerability": "CVE-2024-21628", "sightings": [{"uuid": "d3982206-98a8-47fb-902b-d24df76c0656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21628", "type": "seen", "source": "https://t.me/ctinow/171831", "content": "https://ift.tt/1cverQ5\nCVE-2024-21628 | PrestaShop up to 8.1.2 Form isCleanHtml cross site scripting (GHSA-vr7m-r9vm-m4wf)", "creation_timestamp": "2024-01-23T10:26:57.000000Z"}, {"uuid": "3215b20b-00df-48d0-b242-3230cd51f688", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21628", "type": "seen", "source": "https://t.me/cibsecurity/74213", "content": "\u203c\ufe0fCVE-2024-21628\u203c\ufe0f\n\nPrestaShop is an opensource ecommerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a crosssite scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the crosssite scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-03T01:38:17.000000Z"}, {"uuid": "9b917a6c-2ae5-4088-a36f-19824abc439b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21628", "type": "seen", "source": "https://t.me/ctinow/162095", "content": "https://ift.tt/42t6oaG\nCVE-2024-21628", "creation_timestamp": "2024-01-02T23:26:56.000000Z"}]}