Description

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address.

Remediation

References

CVE-2019-8120

Related Vulnerabilities

WebLogic CVE-2021-2109 Vulnerability (CVE-2021-2109)

WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.16)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.67)

PHP Numeric Errors Vulnerability (CVE-2007-4657)

WordPress Plugin Simple Video Embedder Cross-Site Scripting (2.2)

Severity

Medium

Classification

CVE-2019-8120 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities