Description
In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Forms for MailChimp Cross-Site Scripting (6.1.2)
WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (4.0.5)
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2019-14888)
WordPress Plugin Ultimate FAQ Cross-Site Scripting (1.8.21)
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14725)