Description

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.

Remediation

References

CVE-2019-7851

Related Vulnerabilities

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (2.9.31)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9449)

phpMyFAQ Improper Access Control Vulnerability (CVE-2023-1883)

Jboss EAP XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2018-1000632)

Atlassian Jira Other Vulnerability (CVE-2019-14997)

Severity

Medium

Classification

CVE-2019-7851 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities