Description
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Photo Album 'photo' Parameter SQL Injection (1.0)
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2007-6422)
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4224)
WordPress Plugin Border Loading Bar Multiple Cross-Site Scripting Vulnerabilities (1.0)
Internet Information Services Other Vulnerability (CVE-2000-0970)