CVE-2019-11876
Last modified
CVE-2019-11876 is a vulnerability of currently unknown severity. In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.. EPSS estimates a 0.89% chance of exploitation in the next 30 days.
Description
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | 1.7.5.2 |
| Drupal | Drupal | 8.7.0 |
References
- https://www.logicallysecure.com/blog/xss-presta-xss-drupal/Exploit, Vendor Advisory
- https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases/Release Notes, Vendor Advisory
- https://www.logicallysecure.com/blog/xss-presta-xss-drupal/Exploit, Vendor Advisory
- https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases/Release Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-11876?
How severe is CVE-2019-11876?
How do I fix CVE-2019-11876?
Are you affected by CVE-2019-11876?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST