CVE-2022-35933

MEDIUM4.3EPSS 0.25%

PrestaShop Product Comments Cross-site Scripting vulnerability

Published: 8/31/2022Modified: 11/8/2023

Description

### Impact An attacker could steal an admin's cookie ### Patches The issue is fixed in 5.0.2 ### References [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')](https://cwe.mitre.org/data/definitions/79.html)

Affected packages (1)

Packagist/prestashop/productcommentsfrom 0, < 5.0.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-35933
PATCHhttps://github.com/PrestaShop/productcomments
WEBhttps://github.com/PrestaShop/productcomments/commit/314456d739155aa71f0b235827e8e0f24b97c26b
WEBhttps://github.com/PrestaShop/productcomments/security/advisories/GHSA-prrh-qvhf-x788