Description
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.
Remediation
References
Related Vulnerabilities
MySQL CVE-2012-1757 Vulnerability (CVE-2012-1757)
PostgreSQL Improper Access Control Vulnerability (CVE-2016-7048)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9411)
WordPress Plugin WatchTowerHQ Security Bypass (3.6.15)
WordPress Plugin File Manager Unspecified Vulnerability (2.2.0)