Description

A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript.

Remediation

References

CVE-2019-7945

Related Vulnerabilities

WordPress Plugin Wordpress Countdown Widget Cross-Site Scripting (3.1.9.2)

Apache Traffic Server Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2022-37392)

Ruby on Rails Improper Authentication Vulnerability (CVE-2012-3424)

WordPress Plugin Bookshelf Cross-Site Scripting (2.0.4)

WordPress Plugin Popups, Welcome Bar, Optins and Lead Generation-Icegram Cross-Site Scripting (2.0.2)

Severity

Medium

Classification

CVE-2019-7945 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities