Description

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.

Remediation

References

CVE-2019-7876

Related Vulnerabilities

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (2.5.2.1)

WordPress Plugin Amelia-Events & Appointments Booking Calendar Cross-Site Scripting (1.0.46)

WordPress Plugin 10WebAnalytics Cross-Site Request Forgery (1.2.8)

Chamilo Improper Input Validation Vulnerability (CVE-2012-4030)

WordPress Plugin WP iCommerce-the first interactive ecommerce for wordpress SQL Injection (1.1.1)

Severity

High

Classification

CVE-2019-7876 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities