CVE-2024-21627
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-21627 is a vulnerability affecting the PrestaShop open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, certain event attributes were not properly sanitized by the `isCleanHTML` method. This issue could leave some modules susceptible to cross-site scripting attacks. The latest versions 8.1.3 and 1.7.8.11 have been patched to address this vulnerability. Utilizing the `HTMLPurifier` library for sanitizing user input is recommended as an alternative solution, as it is already a dependency within the PrestaShop project. However, be aware that legacy object models may still call the `isCleanHTML` method on `HTML` type fields.
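The mitigation recommended above, sketched as an added example (not PrestaShop's own code): untrusted HTML is reduced to an explicit allowlist with `HTMLPurifier`, and a regression check confirms that no event attribute survives. The helper names, the allowlist, and the Composer autoload path are assumptions made for illustration.

```php
<?php
// Added example, not PrestaShop code. Assumes ezyang/htmlpurifier is
// installed via Composer; the autoload path below is an assumption.
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper: reduce untrusted HTML to an explicit allowlist.
 * Anything not listed, including every on* event attribute, is dropped,
 * so there is no denylist of attribute names to keep up to date.
 */
function sanitizeModuleHtml(string $dirty): string
{
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        // Allowlist of elements and attributes (constructed for this example).
        $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href]');
        // Only ordinary link schemes are accepted in href values.
        $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
        // No on-disk definition cache, so no writable directory is needed.
        $config->set('Cache.DefinitionImpl', null);
        $purifier = new HTMLPurifier($config);
    }
    return $purifier->purify($dirty);
}

/** Regression check: return the names of any on* attributes left in $html. */
function eventAttributesIn(string $html): array
{
    $found = [];
    libxml_use_internal_errors(true); // fragments trigger harmless parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<div>' . $html . '</div>');
    foreach ((new DOMXPath($doc))->query('//@*') as $attr) {
        if (stripos($attr->nodeName, 'on') === 0) {
            $found[] = $attr->nodeName;
        }
    }
    return $found;
}

// Constructed sample input, as a module might receive from a form field.
$dirty = '<p onmouseover="track()">Sale <a href="https://example.com/" onclick="go()">details</a></p>';
$clean = sanitizeModuleHtml($dirty);

if (eventAttributesIn($clean) !== []) {
    throw new RuntimeException('event attribute survived sanitization');
}
echo $clean, PHP_EOL;
```

Because legacy object models may still call `isCleanHTML` on `HTML` type fields, a module applying this approach would sanitize the value before it reaches the model rather than relying on the model's validation alone.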
Affected Products
- Prestashop E-Commerce Solution
Affected Vendors
- PrestaShop