CVE-2019-11876

{"id": "CVE-2019-11876", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-05-24T16:29:00.517", "references": [{"url": "https://www.logicallysecure.com/blog/xss-presta-xss-drupal/", "tags": ["Vendor Advisory", "Exploit"], "source": "cve@mitre.org"}, {"url": "https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link."}, {"lang": "es", "value": "En PrestaShop versi\u00f3n 1.7.5.2, el par\u00e1metro shop_country en el archivo install/index.php la instalaci\u00f3n script/component se ve afectado por una vulnerabilidad Reflected XSS. la explotaci\u00f3n por parte de un actor malicioso requiere que el usuario siga las etapas iniciales de la configuraci\u00f3n (aceptando los t\u00e9rminos y condiciones) antes de ejecutar el enlace malicioso."}], "lastModified": "2019-05-28T14:59:05.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:prestashop:prestashop:1.7.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81923B28-0906-4A23-AF6A-529B0F50D530"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:8.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47FF6E8A-35A6-4406-ADB7-427AB8B094B3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}