Description

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.

Remediation

References

CVE-2019-7851

Related Vulnerabilities

WordPress Plugin FireStorm Professional Real Estate Multiple SQL Injection Vulnerabilities (2.05.01)

WordPress Plugin Captchinoo, Google recaptcha for admin login page Cross-Site Request Forgery (2.4)

XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6885)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-4850)

WordPress Plugin AJAX Random Post Cross-Site Scripting (2.00)

Severity

Medium

Classification

CVE-2019-7851 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities