Vulnerability Details CVE-2022-35933
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.6%
CVSS Severity
CVSS v3 Score 4.3
References
- https://github.com/PrestaShop/productcomments/commit/314456d739155aa71f0b235827e8e0f24b97c26b
- https://github.com/PrestaShop/productcomments/security/advisories/GHSA-prrh-qvhf-x788
- https://github.com/PrestaShop/productcomments/commit/314456d739155aa71f0b235827e8e0f24b97c26b
- https://github.com/PrestaShop/productcomments/security/advisories/GHSA-prrh-qvhf-x788
Products affected by CVE-2022-35933
-
cpe:2.3:a:prestashop:productcomments:3.6.0
-
cpe:2.3:a:prestashop:productcomments:3.6.1
-
cpe:2.3:a:prestashop:productcomments:4.0.0
-
cpe:2.3:a:prestashop:productcomments:4.0.1
-
cpe:2.3:a:prestashop:productcomments:4.1.0
-
cpe:2.3:a:prestashop:productcomments:4.2.0
-
cpe:2.3:a:prestashop:productcomments:4.2.1