CVE-2022-35933 MEDIUM

CVE-2022-35933: PrestaShop module Product Comments vulnerable to cross-site scripting (XSS)

Vendor Prestashop

Product productcomments

Weakness CWE-79 · XSS

Published September 2, 2022

Last update April 23, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.

Key dates

02Disclosure timeline

September 2, 2022 CVE published

April 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-35933 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2022-35933: PrestaShop module Product Comments vulnerable to cross-site scripting (XSS)

01Description

02Disclosure timeline

03References

04Related CVE