CVE-2022-35933

MEDIUM4.3EPSS 0.25%

PrestaShop Product Comments Cross-site Scripting vulnerability

發布日:2022/8/31修改日:2023/11/8

描述

### Impact An attacker could steal an admin's cookie ### Patches The issue is fixed in 5.0.2 ### References [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')](https://cwe.mitre.org/data/definitions/79.html)

受影響套件(1)

Packagist/prestashop/productcommentsfrom 0, < 5.0.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-35933
PATCHhttps://github.com/PrestaShop/productcomments
WEBhttps://github.com/PrestaShop/productcomments/commit/314456d739155aa71f0b235827e8e0f24b97c26b
WEBhttps://github.com/PrestaShop/productcomments/security/advisories/GHSA-prrh-qvhf-x788