CVE-2019-11876

Опубликовано: 24 мая 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.

Ссылки

https://www.logicallysecure.com/blog/xss-presta-xss-drupal/
Exploit
Vendor Advisory
https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases/
Release Notes
Vendor Advisory
https://www.logicallysecure.com/blog/xss-presta-xss-drupal/
Exploit
Vendor Advisory
https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:prestashop:1.7.5.2:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:drupal:drupal:8.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00275

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6grv-hw8g-4gfm