Skip to main content

Productcomments

2 CVEs product

Monthly

CVE-2022-35933 PHP MEDIUM PATCH This Month

This package is a PrestaShop module that allows users to post reviews and rate products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Productcomments
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2020-26248 PHP HIGH POC PATCH THREAT This Week

In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Productcomments
NVD GitHub
CVSS 3.1
8.2
EPSS
12.4%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

This package is a PrestaShop module that allows users to post reviews and rate products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Productcomments
NVD GitHub
EPSS 12% CVSS 8.2
HIGH POC PATCH THREAT This Week

In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Productcomments
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy