logo

Database

Reflected cross-site scripting (XSS) In drupal/core

Description

PrestaShop Cross-site Scripting vulnerability In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-118762. NVD-2019-118763. OSV-2019-118764. GCVE-2019-11876

References

1. https://www.logicallysecure.com/blog/xss-presta-xss-drupal/2. https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases/3. https://www.logicallysecure.com/blog/xss-presta-xss-drupal4. https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.