Lucene search
China National Vulnerability DatabaseCNVD-2022-62230HistorySep 06, 2022 - 12:00 a.m.
PrestaShop Cross-Site Scripting Vulnerability (CNVD-2022-62230)
2022-09-0600:00:00
China National Vulnerability Database
www.cnvd.org.cn
16
prestashop
e-commerce
cross-site scripting
vulnerability
cnvd-2022-62230
payment methods
short message alerts
product image scaling
filtering
escaping
administrator's cookies.
0.001 Low
EPSS
Percentile
26.2%
PrestaShop is an open source e-commerce solution from PrestaShop Inc. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. PrestaShop module 5.0.2 prior versions of cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied data, an attacker can use the vulnerability can steal the administrator’s cookies.
| CPE | Name | Operator | Version |
|---|---|---|---|
| prestashop prestashop | lt | 5.0.2 |
Related
github
github
PrestaShop Product Comments Cross-site Scripting vulnerability
2022-08-31 21:27:38
cvelist
cvelist
cve
cve
CVE-2022-35933
2022-09-02 20:15:08
osv
osv
CVE-2022-35933
2022-09-02 20:15:08
PrestaShop Product Comments Cross-site Scripting vulnerability
2022-08-31 21:27:38
veracode
veracode
Cross-site Scripting (XSS)
2022-09-01 06:45:15
nvd
nvd
CVE-2022-35933
2022-09-02 20:15:08
prion
prion
Design/Logic Flaw
2022-09-02 20:15:00