{"id":"CVE-2019-11876","details":"In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.","aliases":["GHSA-6grv-hw8g-4gfm"],"modified":"2026-04-10T04:11:58.064175Z","published":"2019-05-24T16:29:00.517Z","references":[{"type":"ADVISORY","url":"https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases/"},{"type":"EVIDENCE","url":"https://www.logicallysecure.com/blog/xss-presta-xss-drupal/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/drupal/drupal","events":[{"introduced":"0"},{"last_affected":"17ba30046ed57677de4feff8d07354890b40efdb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.7.0"}]}},{"type":"GIT","repo":"https://github.com/prestashop/prestashop","events":[{"introduced":"0"},{"last_affected":"4edececed3066f483a472d2ac9f611a7e800ad60"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7.5.2"}]}}],"versions":["1.0","1.6.0.1","1.6.0.3","1.6.1.0","1.7.0.0-beta.1.0","1.7.0.0-beta.2.0","1.7.0.0-beta.4.0","1.7.0.0-rc.0.0","1.7.5.0","1.7.5.0-rc.1","1.7.5.1","1.7.5.2","2.0","3.0.1","5.0-beta-1","5.0-beta-2","5.0-rc-1","5.0-rc-2","6.0-beta-1","6.0-beta-2","6.0-beta-3","6.0-beta-4","6.0-rc-1","6.0-rc-2","6.0-rc-3","7.0","7.0-alpha1","7.0-alpha2","7.0-alpha3","7.0-alpha4","7.0-alpha5","7.0-alpha6","7.0-alpha7","7.0-beta1","7.0-beta2","7.0-beta3","7.0-rc-1","7.0-rc-2","7.0-rc-3","7.0-rc-4","7.0-unstable-1","7.0-unstable-10","7.0-unstable-2","7.0-unstable-3","7.0-unstable-4","7.0-unstable-5","7.0-unstable-6","7.0-unstable-7","8.0-alpha10","8.0-alpha11","8.0-alpha12","8.0-alpha13","8.0-alpha2","8.0-alpha3","8.0-alpha4","8.0-alpha5","8.0-alpha6","8.0-alpha7","8.0-alpha8","8.0-alpha9","8.0.0","8.0.0-alpha14","8.0.0-alpha15","8.0.0-beta1","8.0.0-beta10","8.0.0-beta11","8.0.0-beta12","8.0.0-beta13","8.0.0-beta14","8.0.0-beta15","8.0.0-beta16","8.0.0-beta2","8.0.0-beta3","8.0.0-beta4","8.0.0-beta5","8.0.0-beta6","8.0.0-beta7","8.0.0-beta9","8.0.0-rc1","8.0.0-rc2","8.0.0-rc3","8.0.0-rc4","8.1.0-beta1","8.7.0","8.7.0-alpha1","8.7.0-alpha2","8.7.0-beta1","8.7.0-beta2","8.7.0-rc1","start"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11876.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}