Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wcnJoLXF2aGYteDc4OM4AAujw
PrestaShop Product Comments Cross-site Scripting vulnerability
Impact
An attacker could steal an admin's cookie
Patches
The issue is fixed in 5.0.2
References
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Permalink: https://github.com/advisories/GHSA-prrh-qvhf-x788JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wcnJoLXF2aGYteDc4OM4AAujw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Identifiers: GHSA-prrh-qvhf-x788, CVE-2022-35933
References:
- https://github.com/PrestaShop/productcomments/security/advisories/GHSA-prrh-qvhf-x788
- https://github.com/PrestaShop/productcomments/commit/314456d739155aa71f0b235827e8e0f24b97c26b
- https://nvd.nist.gov/vuln/detail/CVE-2022-35933
- https://github.com/advisories/GHSA-prrh-qvhf-x788
Blast Radius: 8.6
Affected Packages
packagist:prestashop/productcomments
Dependent packages: 1Dependent repositories: 100
Downloads: 2,887,103 total
Affected Version Ranges: < 5.0.2
Fixed in: 5.0.2
All affected versions: 3.6.0, 3.6.1, 4.0.0, 4.0.1, 4.1.0, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.1
All unaffected versions: 5.0.2, 5.0.3, 6.0.0, 6.0.1, 6.0.2, 6.0.3