Description
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.
Remediation
References
Related Vulnerabilities
WordPress Plugin Debug Log Manager Information Disclosure (2.2.2)
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Arbitrary File Upload (0.1.0.38)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8669)
WordPress Plugin Popup by Supsystic Cross-Site Scripting (1.10.4)