GMS-2022-3819: Duplicate of ./packagist/prestashop/productcomments/CVE-2022-35933.yml

August 31, 2022

Impact

An attacker could steal an admin’s cookie

Patches

The issue is fixed in 5.0.2

References

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

References

github.com/PrestaShop/productcomments/commit/314456d739155aa71f0b235827e8e0f24b97c26b
github.com/PrestaShop/productcomments/security/advisories/GHSA-prrh-qvhf-x788
github.com/advisories/GHSA-prrh-qvhf-x788

Detect and mitigate GMS-2022-3819 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →