GHSA-prrh-qvhf-x788

Опубликовано: 31 авг. 2022

Источник: github

Github: Прошло ревью

CVSS3: 4.3

Описание

PrestaShop Product Comments Cross-site Scripting vulnerability

Impact

An attacker could steal an admin's cookie

Patches

The issue is fixed in 5.0.2

References

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ссылки

Пакеты

Наименование

prestashop/productcomments

composer

Затронутые версииВерсия исправления

< 5.0.2

5.0.2

EPSS

Процентиль: 46%

0.00234

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2022-35933

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-35933

CVSS3: 6.1

nvd

больше 3 лет назад

This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.

EPSS

Процентиль: 46%

0.00234

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2022-35933

Дефекты

CWE-79