{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-21627","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2023-12-29T03:00:44.954Z","datePublished":"2024-01-02T21:03:17.816Z","dateUpdated":"2025-06-03T14:45:21.732Z"},"containers":{"cna":{"title":"Some attribute not escaped in Validate::isCleanHTML method","problemTypes":[{"descriptions":[{"cweId":"CWE-79","lang":"en","description":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-20","lang":"en","description":"CWE-20: Improper Input Validation","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq","tags":["x_refsource_CONFIRM"],"url":"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq"},{"name":"https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129","tags":["x_refsource_MISC"],"url":"https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129"},{"name":"https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883","tags":["x_refsource_MISC"],"url":"https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883"}],"affected":[{"vendor":"PrestaShop","product":"PrestaShop","versions":[{"version":">= 8.0.0, < 8.1.3","status":"affected"},{"version":"< 
1.7.8.11","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2024-01-02T21:03:17.816Z"},"descriptions":[{"lang":"en","value":"PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize HTML input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`."}],"source":{"advisory":"GHSA-xgpm-q3mq-46rq","discovery":"UNKNOWN"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T22:27:36.164Z"},"title":"CVE Program Container","references":[{"name":"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq","tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq"},{"name":"https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129"},{"name":"https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-08T15:48:20.023420Z","id":"CVE-2024-21627","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA 
ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-03T14:45:21.732Z"}}]}}