2 matches found
CVE-2022-35933
PrestaShop Product Comments module (for PrestaShop) is affected by a cross-site scripting vulnerability prior to 5.0.2 that can allow an attacker to steal an administrator’s cookie. The root cause is insufficient filtering/escaping of user-supplied data, enabling cookie theft via crafted input. R...
CVE-2022-35933 PrestaShop module Product Comments vulnerable to cross-site scripting (XSS)
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2...