Description

A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories.

Remediation

References

CVE-2019-7863

Related Vulnerabilities

WordPress Plugin FG PrestaShop to WooCommerce Cross-Site Scripting (3.19.1)

phpMyAdmin Other Vulnerability (CVE-2007-0095)

PHP Improper Input Validation Vulnerability (CVE-2012-0831)

Apache Traffic Server CVE-2022-47184 Vulnerability (CVE-2022-47184)

WordPress Plugin JetWidgets For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.0.8)

Severity

Medium

Classification

CVE-2019-7863 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities