Description

A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7862

Related Vulnerabilities

WordPress Plugin WP Logs Book Cross-Site Scripting (1.0.1)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-50721)

Joomla! Core 1.0.x SQL Injection (1.0.0 - 1.0.11)

OpenSSL Inefficient Regular Expression Complexity Vulnerability (CVE-2023-3446)

Jenkins Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-21607)

Severity

Medium

Classification

CVE-2019-7862 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities