Description

A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7862

Related Vulnerabilities

Moodle Insertion of Sensitive Information into Log File Vulnerability (CVE-2018-10889)

WordPress Plugin Simple visitor stat Cross-Site Scripting (1.0)

LimeSurvey Other Vulnerability (CVE-2014-5018)

Perl Out-of-bounds Write Vulnerability (CVE-2018-6797)

WordPress Plugin WordPress Responsive Preview Cross-Site Scripting (1.1)

Severity

Medium

Classification

CVE-2019-7862 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities