CVE-2020-26225

Published November 16th, 2020

View on NVD ↗

CVSS v3

8.7

HIGH

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0

PrestaShop/productcomments

PrestaShop module that allows users to post reviews and rate products.

GitHub