WEB APPLICATION VULNERABILITIES Standard & Premium

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11876)

Description

In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.

Remediation

References

Related Vulnerabilities

WordPress Plugin Debug Log Manager Information Disclosure (2.2.2)

WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Arbitrary File Upload (0.1.0.38)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8669)

WordPress Plugin Popup by Supsystic Cross-Site Scripting (1.10.4)

WordPress Plugin MAC PHOTO GALLERY 'macalbajax.php' Multiple Cross-Site Scripting Vulnerabilities (2.10)

Severity

Medium

Classification

CVE-2019-11876 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities