prestashop/productcomments
Packagist3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting prestashop/productcommentspage 1 of 1
- CVE-2020-26225HIGHCVSS 8.7EG 8.7✓ Fixed in 4.2.02020-11-16
vulnerable: v4.0.0, v4.0.1, v4.1.0
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0
- CVE-2020-26248MEDIUMCVSS 6.8EG 6.8✓ Fixed in 4.2.12020-12-03
vulnerable: v4.0.0, v4.0.1, v4.1.0, v4.2.0
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
- CVE-2022-35933MEDIUMCVSS 6.1EG 6.1✓ Fixed in 5.0.22022-09-02
vulnerable: 4.2.1 ... v5.0.1 (10 versions)
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.
Check whether prestashop/productcomments is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for prestashop/productcomments CVEs against the assets you own.
Start Free Scan →