Description

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address.

Remediation

References

CVE-2019-8120

Related Vulnerabilities

WordPress Plugin DiveBook Multiple Vulnerabilities (1.1.4)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2012-2733)

Apache Tomcat version older than 6.0.9

WordPress Plugin WP-SpamFree Anti-Spam Cross-Site Scripting (2.1.1.6)

WordPress Plugin Mingle Forum Multiple Vulnerabilities (1.0.33.3)

Severity

Medium

Classification

CVE-2019-8120 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities