Description

A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files.

Remediation

References

CVE-2019-7882

Related Vulnerabilities

Ruby Resource Management Errors Vulnerability (CVE-2008-2664)

Moodle CVE-2021-36397 Vulnerability (CVE-2021-36397)

Envoy Proxy Reachable Assertion Vulnerability (CVE-2022-29228)

WordPress Plugin Easy Coming Soon Cross-Site Scripting (1.8.1)

WordPress Plugin YITH WooCommerce Mailchimp Security Bypass (2.1.3)

Severity

Medium

Classification

CVE-2019-7882 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities