Description

In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.

Remediation

References

CVE-2019-11876

Related Vulnerabilities

Oracle Database Server CVE-2006-3705 Vulnerability (CVE-2006-3705)

EspoCRM Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-38846)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Request Forgery (3.8.9)

WordPress Plugin Pinterest 'Pin It' Button Multiple Unspecified Vulnerabilities (1.3.1)

Oracle Database Server CVE-2006-0287 Vulnerability (CVE-2006-0287)

Severity

Medium

Classification

CVE-2019-11876 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities