
CVE-2022-35933 – PrestaShop module Product Comments vulnerable to cross-site scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-35933
02 Sep 2022 — This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2. • https://github.com/PrestaShop/productcomments/commit/314456d739155aa71f0b235827e8e0f24b97c26b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-26248 – Blind SQL injection during the CommentGrade process
https://notcve.org/view.php?id=CVE-2020-26248
03 Dec 2020 — In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in version 4.2.1 of the module. PrestaShop ProductComments version 4.2.0 suffers from a remote blind SQL injection ... • https://packetstorm.news/files/id/160539 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')