In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users’ web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0
CPE | Name | Operator | Version |
---|---|---|---|
product_comments | ge | 4.0.0 | |
product_comments | lt | 4.2.0 |