GCVE - cpe:2.3:a:prestashop:productcomments:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:prestashop:productcomments:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Prestashop (`236a7260-6e18-5f0f-b33a-a013be210d8c`)
Product	Productcomments (`e1c5f2e2-aeb8-5bfd-92eb-b6c0f1c33fce`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/prestashop/productcomments`	purl2cpe	2026-06-01 10:15:08.056670

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-35933`	vulnerable	2026-06-03 14:47:39.115265	PrestaShop module Product Comments vulnerable to cross-site scripting (XSS) MEDIUM (4.3) This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2. Published: 2022-09-02T19:30:14.000Z Updated: 2025-04-23T17:32:24.970Z Open on db.gcve.eu Reference links https://github.com/PrestaShop/productcomments/security/advisories/GHSA-prrh-qvhf-x788 https://github.com/PrestaShop/productcomments/commit/314456d739155aa71f0b235827e8e0f24b97c26b	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-26248`	vulnerable	2026-06-03 14:42:16.592312	Blind SQL injection during the CommentGrade process MEDIUM (6.8) In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module. Published: 2020-12-03T20:55:13.000Z Updated: 2024-08-04T15:56:04.591Z Open on db.gcve.eu Reference links https://github.com/PrestaShop/productcomments/security/advisories/GHSA-5v44-7647-xfw9 https://packagist.org/packages/prestashop/productcomments https://github.com/PrestaShop/productcomments/commit/7c2033dd811744e021da8897c80d6c301cd45ffa https://github.com/PrestaShop/productcomments/releases/tag/v4.2.1 http://packetstormsecurity.com/files/160539/PrestaShop-ProductComments-4.2.0-SQL-Injection.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-26225`	vulnerable	2026-06-03 14:42:16.504098	Reflected XSS in PrestaShop Product Comments HIGH (8.7) In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0 Published: 2020-11-16T21:35:13.000Z Updated: 2024-08-04T15:49:07.376Z Open on db.gcve.eu Reference links https://github.com/PrestaShop/productcomments/security/advisories/GHSA-58w4-w77w-qv3w https://github.com/PrestaShop/productcomments/commit/c56e3e9495c4a0a9c1e7dc43e1bb0fcad2796dbf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.