Reflected XSS with parameters in PostComment

Moderate severity GitHub Reviewed Published Nov 16, 2020 in PrestaShop/productcomments • Updated Jan 9, 2023

Package

prestashop/productcomments (Composer)

Affected versions

>= 4.0.0, < 4.2.0

Patched versions

4.2.0

Description

Impact

An attacker could inject malicious web code into the users' web browsers by creating a malicious link.

Patches

The problem is fixed in 4.2.0.

References

Cross-site Scripting (XSS) - Reflected (CWE-79)

Reviewed Nov 16, 2020
Published to the GitHub Advisory Database Nov 16, 2020
Last updated Jan 9, 2023

Severity

Moderate

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(32nd percentile)

Weaknesses

CVE ID

CVE-2020-26225

GHSA ID

GHSA-58w4-w77w-qv3w

Source code

No known source code
