In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users’ web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0
CPE | Name | Operator | Version |
---|---|---|---|
productcomments | eq | 3.6.1 | |
productcomments | eq | 4.0.0 | |
productcomments | eq | 3.6.0 |