Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-g8wq-cvqc-9kfr
Summary
Cross-site Scripting
In PrestaShop, the `shop_country` parameter in the `install/index.Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.
Aliases
0
alias CVE-2019-11876
1
alias GHSA-6grv-hw8g-4gfm
Fixed_packages
0
url pkg:composer/drupal/core@8.7.1
purl pkg:composer/drupal/core@8.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-5618-53yg-8qh4
2
vulnerability VCID-5kh7-v1uc-wfha
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-77zc-1gc8-r7b7
6
vulnerability VCID-7fs3-gwc7-nkes
7
vulnerability VCID-9ss3-mvt3-8bem
8
vulnerability VCID-bbzr-hbhv-yyee
9
vulnerability VCID-bkxp-gn34-67av
10
vulnerability VCID-cvxp-ctj9-guej
11
vulnerability VCID-dgjq-y5zj-cud1
12
vulnerability VCID-ed6y-c9tz-mbds
13
vulnerability VCID-fwbj-ctxz-2bc6
14
vulnerability VCID-g33x-1paw-7udm
15
vulnerability VCID-hgb1-xrne-e7c8
16
vulnerability VCID-hwnd-nuv7-jqbh
17
vulnerability VCID-j21d-w3g7-cbcg
18
vulnerability VCID-jctf-yffu-hbag
19
vulnerability VCID-jrb8-jnz4-83c8
20
vulnerability VCID-k1gx-nznx-7qd6
21
vulnerability VCID-kam1-84p4-qych
22
vulnerability VCID-mapb-hsvc-2khc
23
vulnerability VCID-n119-gta2-kfg1
24
vulnerability VCID-n7un-zgqv-jfef
25
vulnerability VCID-nj3a-eb59-jygs
26
vulnerability VCID-qvbt-7e55-4bg4
27
vulnerability VCID-st6v-ch5g-r7h2
28
vulnerability VCID-syrg-ckq7-cbd6
29
vulnerability VCID-u4w3-usvb-jyf6
30
vulnerability VCID-ummk-h11z-bkaj
31
vulnerability VCID-uqcw-p8g2-cfd2
32
vulnerability VCID-v9v6-ae3e-g3hk
33
vulnerability VCID-vevm-4sfk-f7gq
34
vulnerability VCID-vrdx-165p-efda
35
vulnerability VCID-w6cz-mg4v-3udj
36
vulnerability VCID-wbuz-qcp3-43aq
37
vulnerability VCID-ww44-hb2y-mfd5
38
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.1
1
url pkg:composer/prestashop/prestashop@1.7.6.0
purl pkg:composer/prestashop/prestashop@1.7.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1trs-ajxn-jkhk
1
vulnerability VCID-22v3-9qr1-pyfg
2
vulnerability VCID-2kkx-8ucb-7ucj
3
vulnerability VCID-45hk-m7uv-zqfe
4
vulnerability VCID-7wj5-37ma-hbhg
5
vulnerability VCID-8beq-8rca-mbhd
6
vulnerability VCID-9n6p-8b89-63c6
7
vulnerability VCID-bmyy-gqbc-ybhz
8
vulnerability VCID-c4g5-t8vx-syax
9
vulnerability VCID-cf1h-m5xj-mfc5
10
vulnerability VCID-ey36-u4qn-gbge
11
vulnerability VCID-f4m9-pgg8-nqa3
12
vulnerability VCID-f7s4-16b7-zkcm
13
vulnerability VCID-fkcb-5u24-wqbg
14
vulnerability VCID-gggb-dges-qke1
15
vulnerability VCID-ghu1-c6e6-pudm
16
vulnerability VCID-htkt-tj6d-hydx
17
vulnerability VCID-keyj-v83x-nkck
18
vulnerability VCID-kwe1-5ukw-cbau
19
vulnerability VCID-mb3x-p2d7-gqdx
20
vulnerability VCID-qx7c-y2p8-vye9
21
vulnerability VCID-vcuy-9cdj-uyhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.6.0
Affected_packages
0
url pkg:composer/drupal/core@8.7.0
purl pkg:composer/drupal/core@8.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-349d-w26k-mqfw
2
vulnerability VCID-5618-53yg-8qh4
3
vulnerability VCID-5kh7-v1uc-wfha
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-6m8x-cfzp-tkf4
6
vulnerability VCID-77zc-1gc8-r7b7
7
vulnerability VCID-7fs3-gwc7-nkes
8
vulnerability VCID-9ss3-mvt3-8bem
9
vulnerability VCID-bbzr-hbhv-yyee
10
vulnerability VCID-bkxp-gn34-67av
11
vulnerability VCID-cvxp-ctj9-guej
12
vulnerability VCID-dgjq-y5zj-cud1
13
vulnerability VCID-ed6y-c9tz-mbds
14
vulnerability VCID-fwbj-ctxz-2bc6
15
vulnerability VCID-g33x-1paw-7udm
16
vulnerability VCID-g8wq-cvqc-9kfr
17
vulnerability VCID-hgb1-xrne-e7c8
18
vulnerability VCID-hwnd-nuv7-jqbh
19
vulnerability VCID-j21d-w3g7-cbcg
20
vulnerability VCID-jctf-yffu-hbag
21
vulnerability VCID-jrb8-jnz4-83c8
22
vulnerability VCID-k1gx-nznx-7qd6
23
vulnerability VCID-kam1-84p4-qych
24
vulnerability VCID-mapb-hsvc-2khc
25
vulnerability VCID-n119-gta2-kfg1
26
vulnerability VCID-n7un-zgqv-jfef
27
vulnerability VCID-nj3a-eb59-jygs
28
vulnerability VCID-qvbt-7e55-4bg4
29
vulnerability VCID-st6v-ch5g-r7h2
30
vulnerability VCID-syrg-ckq7-cbd6
31
vulnerability VCID-u4w3-usvb-jyf6
32
vulnerability VCID-ummk-h11z-bkaj
33
vulnerability VCID-uqcw-p8g2-cfd2
34
vulnerability VCID-v9v6-ae3e-g3hk
35
vulnerability VCID-vevm-4sfk-f7gq
36
vulnerability VCID-vrdx-165p-efda
37
vulnerability VCID-w6cz-mg4v-3udj
38
vulnerability VCID-wbuz-qcp3-43aq
39
vulnerability VCID-ww44-hb2y-mfd5
40
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.0
1
url pkg:composer/prestashop/prestashop@1.7.5%2B2
purl pkg:composer/prestashop/prestashop@1.7.5%2B2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g8wq-cvqc-9kfr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.5%252B2
2
url pkg:composer/prestashop/prestashop@1.7.5.2
purl pkg:composer/prestashop/prestashop@1.7.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1trs-ajxn-jkhk
1
vulnerability VCID-22v3-9qr1-pyfg
2
vulnerability VCID-2kkx-8ucb-7ucj
3
vulnerability VCID-45hk-m7uv-zqfe
4
vulnerability VCID-7wj5-37ma-hbhg
5
vulnerability VCID-8beq-8rca-mbhd
6
vulnerability VCID-9n6p-8b89-63c6
7
vulnerability VCID-bmyy-gqbc-ybhz
8
vulnerability VCID-c4g5-t8vx-syax
9
vulnerability VCID-cf1h-m5xj-mfc5
10
vulnerability VCID-ey36-u4qn-gbge
11
vulnerability VCID-f4m9-pgg8-nqa3
12
vulnerability VCID-f7s4-16b7-zkcm
13
vulnerability VCID-fkcb-5u24-wqbg
14
vulnerability VCID-g8wq-cvqc-9kfr
15
vulnerability VCID-gggb-dges-qke1
16
vulnerability VCID-ghu1-c6e6-pudm
17
vulnerability VCID-htkt-tj6d-hydx
18
vulnerability VCID-keyj-v83x-nkck
19
vulnerability VCID-kwe1-5ukw-cbau
20
vulnerability VCID-mb3x-p2d7-gqdx
21
vulnerability VCID-qx7c-y2p8-vye9
22
vulnerability VCID-vcuy-9cdj-uyhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.5.2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11876
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43729
published_at 2026-04-04T12:55:00Z
1
value 0.00212
scoring_system epss
scoring_elements 0.43741
published_at 2026-04-18T12:55:00Z
2
value 0.00212
scoring_system epss
scoring_elements 0.4375
published_at 2026-04-16T12:55:00Z
3
value 0.00212
scoring_system epss
scoring_elements 0.43688
published_at 2026-04-13T12:55:00Z
4
value 0.00212
scoring_system epss
scoring_elements 0.43705
published_at 2026-04-12T12:55:00Z
5
value 0.00212
scoring_system epss
scoring_elements 0.43736
published_at 2026-04-11T12:55:00Z
6
value 0.00212
scoring_system epss
scoring_elements 0.43717
published_at 2026-04-09T12:55:00Z
7
value 0.00212
scoring_system epss
scoring_elements 0.43713
published_at 2026-04-08T12:55:00Z
8
value 0.00212
scoring_system epss
scoring_elements 0.43647
published_at 2026-04-01T12:55:00Z
9
value 0.00212
scoring_system epss
scoring_elements 0.43704
published_at 2026-04-02T12:55:00Z
10
value 0.00212
scoring_system epss
scoring_elements 0.43663
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11876
1
reference_url https://github.com/PrestaShop/PrestaShop
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop
2
reference_url https://www.logicallysecure.com/blog/xss-presta-xss-drupal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.logicallysecure.com/blog/xss-presta-xss-drupal
3
reference_url https://www.logicallysecure.com/blog/xss-presta-xss-drupal/
reference_id
reference_type
scores
url https://www.logicallysecure.com/blog/xss-presta-xss-drupal/
4
reference_url https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases
5
reference_url https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases/
reference_id
reference_type
scores
url https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11876
reference_id CVE-2019-11876
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11876
7
reference_url https://github.com/advisories/GHSA-6grv-hw8g-4gfm
reference_id GHSA-6grv-hw8g-4gfm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6grv-hw8g-4gfm
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-g8wq-cvqc-9kfr