15 matches found

RedhatCVE
added 2025/05/22 7:41 p.m. | 3 views

CVE-2021-3110

The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade idproducts parameter...

CVSS 9.8 | AI score 7.9 | EPSS 0.71883
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:0 a.m. | 7 views

CVE-2019-7944

A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Retur...

CVSS 5.4 | AI score 5.7 | EPSS 0.00075
Exploits: 0 | References: 1

Cvelist
added 2022/09/02 7:30 p.m. | 10 views

CVE-2022-35933 PrestaShop module Product Comments vulnerable to cross-site scripting (XSS)

This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2...

CVSS 4.3 | AI score 6.2 | EPSS 0.00247
Exploits: 0 | References: 2

Github Security Blog
added 2022/08/31 9:27 p.m. | 18 views

PrestaShop Product Comments Cross-site Scripting vulnerability

Impact: An attacker could steal an admin's cookie. Patches: The issue is fixed in 5.0.2. References: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

CVSS 6.1 | AI score 5.9 | EPSS 0.00247
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/05/24 4:52 p.m. | 20 views

GHSA-3MXQ-V9RW-M6X9 Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Retur...

CVSS 5.4 | AI score 5.4 | EPSS 0.00075
Exploits: 0 | References: 7

Github Security Blog
added 2022/05/24 4:52 p.m. | 20 views

Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Retur...

CVSS 5.4 | AI score 5.9 | EPSS 0.00075
Exploits: 0 | References: 7 | Affected Software: 1

CNNVD
added 2021/01/20 12:0 a.m. | 1 views

Prestashop SQL injection vulnerability

Prestashop is a set of open source e-commerce solutions from the United States Prestashop. The solution provides a variety of payment methods, short message alerts, product image scaling and other features. PrestaShop 1.7.7.0 suffers from a SQL injection vulnerability in which the source...

CVSS 9.8 | AI score 7.3 | EPSS 0.71883
Exploits: 1 | References: 3

Veracode
added 2020/11/18 5:30 a.m. | 16 views

Cross-site Scripting (XSS)

prestashop/productcomments is vulnerable to cross-site scripting XSS. An attacker is able to inject malicious scripts into the users' web browsers using ajax requests...

CVSS 8.7 | AI score 3.7 | EPSS 0.00305
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2020/11/16 10:15 p.m. | 7 views

CVE-2020-26225

In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0...

CVSS 8.7 | AI score 8.5 | EPSS 0.00305
Exploits: 0 | References: 2

Prion
added 2020/11/16 10:15 p.m. | 11 views

Design/Logic Flaw

In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0...

CVSS 4.3 | AI score 6.2 | EPSS 0.00305
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2020/11/16 9:35 p.m. | 60 views

CVE-2020-26225

CVE-2020-26225 affects PrestaShop Product Comments. The vulnerability is a reflected cross-site scripting (XSS) flaw in the module’s handling of links, allowing an attacker to inject and execute malicious code in a user’s browser through a malicious link. Impact is described as enabling code exec...

CVSS 8.7 | AI score 6.4 | EPSS 0.00305
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2019/08/02 10:15 p.m. | 15 views

Cross site scripting

A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Retur...

CVSS 3.5 | AI score 5.1 | EPSS 0.00075
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/08/02 9:34 p.m. | 13 views

CVE-2019-7944

A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Retur...

AI score 5.5 | EPSS 0.00075
Exploits: 0 | References: 1

Friends Of PHP
added 2019/06/25 12:0 a.m. | 17 views

PRODSECBUG-2378: Stored cross-site scripting in the Return Product comments feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 5.4 | AI score 7.2 | EPSS 0.00075
Exploits: 0 | Affected Software: 1

Exploit DB
added 2018/06/25 12:0 a.m. | 50 views

WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection

Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection; Google Dork: N/A; Date: 2018-06-24; Exploit Author: Bhushan B. Patil; Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/; Affected Version: 2.0.4 and before; Category: Plugins and Extensions...

CVSS 7.8 | AI score 7.9 | EPSS 0.0213
Exploits: 5