Description
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Content Copy Protection & No Right Click Security Bypass (3.1.4)
WordPress Plugin Simple Sticky Footer Cross-Site Request Forgery (1.3.2)
WordPress Plugin WP Simple Spreadsheet Fetcher for Google Cross-Site Request Forgery (0.3.6)
Drupal Core 8.x.x Cross-Site Request Forgery (8.0.0 - 8.8.12)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5335)