PrestaShop Product Comments Cross-site Scripting vulnerability · CVE-2022-35933 · GitHub Advisory Database · GitHub

PrestaShop Product Comments Cross-site Scripting vulnerability

Moderate severity GitHub Reviewed Published Aug 31, 2022 in PrestaShop/productcomments • Updated Jan 31, 2023

Package

prestashop/productcomments (Composer)

Affected versions

< 5.0.2

Patched versions

5.0.2

Description

Impact

An attacker could steal an admin's cookie

Patches

The issue is fixed in 5.0.2

References

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

References

atomiix published to PrestaShop/productcomments

Aug 31, 2022

Published to the GitHub Advisory Database Aug 31, 2022

Reviewed Aug 31, 2022

Published by the National Vulnerability Database

Sep 2, 2022

Last updated Jan 31, 2023

Severity

Moderate

4.3

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N