Moderate severityNVD Advisory· Published Sep 2, 2022· Updated Apr 23, 2025

PrestaShop module Product Comments vulnerable to cross-site scripting (XSS)

CVE-2022-35933

Description

This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
prestashop/productcommentsPackagist	< 5.0.2	5.0.2

Affected products

ghsa-coords
pkg:composer/prestashop/productcomments
Range: < 5.0.2
Prestashop/productcommentscpe-rescue
Range: < 5.0.2

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-prrh-qvhf-x788ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-35933ghsaADVISORY
github.com/PrestaShop/productcomments/commit/314456d739155aa71f0b235827e8e0f24b97c26bghsax_refsource_MISCWEB
github.com/PrestaShop/productcomments/security/advisories/GHSA-prrh-qvhf-x788ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000