Skip to content

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in prestashop/productcomments

Moderate
atomiix published GHSA-prrh-qvhf-x788 Aug 31, 2022

Package

composer prestashop/productcomments (Composer)

Affected versions

5.0.1

Patched versions

5.0.2

Description

Impact

An attacker could steal an admin's cookie

Patches

The issue is fixed in 5.0.2

References

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Severity

Moderate
4.3
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE ID

CVE-2022-35933

Weaknesses