Description
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.
Remediation
References
Related Vulnerabilities
Python Integer Overflow or Wraparound Vulnerability (CVE-2010-1449)
WordPress Plugin Relevanssi-A Better Search 'Seach Query' Field HTML Injection (2.7.2)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3736)
WordPress Plugin GS Products Slider for WooCommerce Cross-Site Scripting (1.5.8)