OSV:GHSA-PRRH-QVHF-X788
Aug 31, 2022 - 9:27 p.m.

PrestaShop Product Comments Cross-site Scripting vulnerability

2022-08-31 21:27:38
Google
osv.dev
prestashop
comments
cross-site scripting
vulnerability
fixed
5.0.2
admin's cookie
cwe-79

CVSS3: 6.1 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 26.2%

Impact

An attacker could steal an admin’s cookie

Patches

The issue is fixed in 5.0.2

References

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

