{"id":"CVE-2020-26225","details":"In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0","aliases":["GHSA-58w4-w77w-qv3w"],"modified":"2026-04-10T04:25:23.672560Z","published":"2020-11-16T22:15:12.570Z","related":["GHSA-58w4-w77w-qv3w"],"references":[{"type":"ADVISORY","url":"https://github.com/PrestaShop/productcomments/security/advisories/GHSA-58w4-w77w-qv3w"},{"type":"FIX","url":"https://github.com/PrestaShop/productcomments/commit/c56e3e9495c4a0a9c1e7dc43e1bb0fcad2796dbf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/prestashop/productcomments","events":[{"introduced":"cacbdc538bd7a7e7fe59a8b49c043b9bf8e0be1d"},{"fixed":"c56e3e9495c4a0a9c1e7dc43e1bb0fcad2796dbf"}],"database_specific":{"versions":[{"introduced":"4.0.0"},{"fixed":"4.2.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26225.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}