PT-2024-18978 · Unknown · Prestashop

Antonio-R1 · Published 2024-01-02 · Updated 2024-03-06 · CVE-2024-21627

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.1.3; PrestaShop versions prior to 1.7.8.11.

Description: PrestaShop is an open-source e-commerce platform. Some event attributes are not detected by the isCleanHTML method, so modules that rely on this method to sanitize user-supplied HTML can be vulnerable to cross-site scripting.

Recommendations: For versions prior to 8.1.3, update to version 8.1.3 to resolve the issue. For versions prior to 1.7.8.11, update to version 1.7.8.11 to resolve the issue. As a temporary workaround, consider using the HTMLPurifier library to sanitize HTML input coming from users; it is already available as a dependency in the PrestaShop project. Be aware that in legacy object models, fields of HTML type will call isCleanHTML, so such fields are affected until the update is applied.
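The workaround above in practice, as an added example that is not PrestaShop's own code: HTMLPurifier with an explicit allow-list drops every attribute not on the list, including event-handler (on*) attributes of the kind isCleanHTML missed. It assumes the ezyang/htmlpurifier package is loaded through Composer autoloading, and the sample input is constructed.

```php
<?php
// Added example: sanitize user-supplied HTML with HTMLPurifier rather than
// relying on isCleanHTML. Assumes ezyang/htmlpurifier is installed via
// Composer (it ships as a PrestaShop dependency).
require_once __DIR__ . '/vendor/autoload.php';

function sanitizeUserHtml(string $dirty): string
{
    $config = HTMLPurifier_Config::createDefault();
    // Allow only the tags and attributes the field actually needs. Anything
    // not listed here, including every on* event attribute, is removed.
    $config->set('HTML.Allowed', 'p,b,i,strong,em,a[href],ul,ol,li,br');
    // Restrict link schemes so javascript: and data: URIs are stripped from href.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
    $purifier = new HTMLPurifier($config);
    return $purifier->purify($dirty);
}

// Constructed sample input: an element carrying an event-handler attribute,
// which is the class of markup the advisory describes.
$dirty = '<p onmouseover="handler()">Hello</p><a href="javascript:handler()">link</a>';
$clean = sanitizeUserHtml($dirty);
var_dump($clean);
```

The purified output keeps the text and allowed tags but contains no event attribute and no javascript: link, which is the property a module should check for before storing or rendering the field.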

Tags: Exploit · Fix · RCE · XSS

Weakness Enumeration

Related Identifiers: BIT-PRESTASHOP-2024-21627, CVE-2024-21627, GHSA-XGPM-Q3MQ-46RQ

Affected Products: Prestashop