
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.

• https://github.com/PrestaShop/productcomments/commit/314456d739155aa71f0b235827e8e0f24b97c26b
• https://github.com/PrestaShop/productcomments/security/advisories/GHSA-prrh-qvhf-x788

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.2 | EPSS: 1% | CPEs: 1 | EXPL: 1

In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.

PrestaShop ProductComments version 4.2.0 suffers from a remote blind SQL injection vulnerability.

• http://packetstormsecurity.com/files/160539/PrestaShop-ProductComments-4.2.0-SQL-Injection.html
• https://github.com/PrestaShop/productcomments/commit/7c2033dd811744e021da8897c80d6c301cd45ffa
• https://github.com/PrestaShop/productcomments/releases/tag/v4.2.1
• https://github.com/PrestaShop/productcomments/security/advisories/GHSA-5v44-7647-xfw9
• https://packagist.org/packages/prestashop/productcomments

• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')