First published: Mon Nov 16 2020(Updated: )
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
PrestaShop Product Comments | >=4.0.0<4.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-26225 is a vulnerability in PrestaShop Product Comments before version 4.2.0 where an attacker could inject malicious web code into users' web browsers via a malicious link.
An attacker can exploit CVE-2020-26225 by creating a malicious link that injects malicious web code into users' web browsers.
Versions of PrestaShop Product Comments before version 4.2.0 are affected by CVE-2020-26225.
To fix CVE-2020-26225, upgrade to version 4.2.0 of PrestaShop Product Comments.
CVE-2020-26225 has a severity rating of 6.1 (high).