This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.
Impact An attacker could steal an admin's cookie Patches The issue is fixed in 5.0.2 References Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An attacker can use a Blind SQL injection to retrieve data or stop the MySQL service.
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0