Skip to content

Reflected XSS with parameters in PostComment

Moderate severity GitHub Reviewed Published Nov 16, 2020 in PrestaShop/productcomments • Updated Jan 9, 2023

Package

composer prestashop/productcomments (Composer)

Affected versions

>= 4.0.0, < 4.2.0

Patched versions

4.2.0

Description

Impact

An attacker could inject malicious web code into the users' web browsers by creating a malicious link.

Patches

The problem is fixed in 4.2.0

References

Cross-site Scripting (XSS) - Reflected (CWE-79)

References

@PierreRambaud PierreRambaud published to PrestaShop/productcomments Nov 16, 2020
Reviewed Nov 16, 2020
Published to the GitHub Advisory Database Nov 16, 2020
Last updated Jan 9, 2023

Severity

Moderate

EPSS score

0.066%
(30th percentile)

Weaknesses

CVE ID

CVE-2020-26225

GHSA ID

GHSA-58w4-w77w-qv3w

Source code

No known source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.