{"id":"CVE-2018-7491","details":"In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy \"frame-ancestors' values.","modified":"2026-04-10T04:12:49.481477Z","published":"2018-02-26T17:29:00.350Z","references":[{"type":"REPORT","url":"https://github.com/PrestaShop/PrestaShop/pull/8807"},{"type":"REPORT","url":"http://forge.prestashop.com/browse/BOOM-4917"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/prestashop/prestashop","events":[{"introduced":"0"},{"last_affected":"1bd0f2291a5060cd00b15aa15a78cfd10198e062"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7.2.5"}]}}],"versions":["1.6.0.1","1.6.0.3","1.6.1.0","1.7.0.0-beta.1.0","1.7.0.0-beta.2.0","1.7.0.0-beta.4.0","1.7.0.0-rc.0.0","1.7.2.0","1.7.2.0-rc.1.0","1.7.2.1","1.7.2.2","1.7.2.3","1.7.2.4","1.7.2.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7491.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}