Prestashop Productcomments vulnerabilities
3 known vulnerabilities affecting prestashop/productcomments.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2020-26248P2HIGHCVSS 8.2PoCfixed in 4.2.1v>= 4.0.0, < 4.2.12020-12-03
CVE-2020-26248 [HIGH] CWE-89 CVE-2020-26248: In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL inj
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
ghsanvdosv
CVE-2020-26225P4MEDIUMCVSS 6.1v>= 4.0.0, < 4.2.02020-11-16
CVE-2020-26225 [MEDIUM] CWE-79 CVE-2020-26225: In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code int
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0
ghsanvdosv
CVE-2022-35933P4MEDIUMCVSS 6.1fixed in 5.0.22022-09-02
CVE-2022-35933 [MEDIUM] CWE-79 CVE-2022-35933: This package is a PrestaShop module that allows users to post reviews and rate products. There is a
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.
ghsanvdosv