In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.
Max CVSS: 6.1 | EPSS Score: 0.11% | Published: 2019-05-24 | Updated: 2019-05-28
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Max CVSS: 5.4 | EPSS Score: 0.08% | Published: 2019-05-16 | Updated: 2021-04-20
In Drupal 7 versions prior to 7.65, Drupal 8.6 versions prior to 8.6.13, and Drupal 8.5 versions prior to 8.5.14, under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Max CVSS: 5.4 | EPSS Score: 68.23% | Published: 2019-03-26 | Updated: 2019-05-16
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.
Max CVSS: 4.8 | EPSS Score: 0.05% | Published: 2019-11-21 | Updated: 2019-12-11
Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.
Max CVSS: 4.8 | EPSS Score: 0.05% | Published: 2019-11-21 | Updated: 2019-12-11
Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. A remote attacker could provide a specially-crafted URL that could lead to a cross-site scripting (XSS) attack.
Max CVSS: 6.1 | EPSS Score: 0.17% | Published: 2019-11-25 | Updated: 2019-12-12
The Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not properly sanitize the display of language codes and of native and English language names, which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2019-11-07 | Updated: 2019-11-13
Drupal 5.x and 6.x before 6.16 use a user-supplied value in output during site installation, which could allow an attacker to craft a URL and perform a cross-site scripting attack.
Max CVSS: 6.1 | EPSS Score: 0.19% | Published: 2019-11-07 | Updated: 2021-04-30
8 vulnerabilities found