[prestashop/productcomments] PrestaShop Product Comments Cross-site Scripting vulnerability

Impact

An attacker could steal an admin’s cookie

Patches

The issue is fixed in 5.0.2

References

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

References

• https://github.com/PrestaShop/productcomments/security/advisories/GHSA-prrh-qvhf-x788
• https://github.com/PrestaShop/productcomments/commit/314456d739155aa71f0b235827e8e0f24b97c26b
• https://nvd.nist.gov/vuln/detail/CVE-2022-35933
• https://github.com/advisories/GHSA-prrh-qvhf-x788