CVE-2019-11876
MEDIUMPrestaShop 1.7.5.2 - Reflected Cross-Site Scripting via Shop Country Parameter
Title source: llmDescription
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases/
Exploit, Vendor Advisory x_refsource_misc
https://www.logicallysecure.com/blog/xss-presta-xss-drupal/
Scores
CVSS v3
6.1
EPSS
0.0021
EPSS Percentile
43.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
drupal/drupal
8.7.0
prestashop/prestashop
1.7.5.2
prestashop/prestashop
1.7.5.2 - 1.7.6.0Packagist
Published
May 24, 2019
Tracked Since
Feb 18, 2026