Description

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.

Remediation

References

CVE-2019-7873

Related Vulnerabilities

Atlassian Jira CVE-2019-20413 Vulnerability (CVE-2019-20413)

WordPress Plugin Scribble Maps Cross-Site Scripting (1.2)

GibbonEdu Session Fixation Vulnerability (CVE-2022-27305)

WordPress Plugin Buddy Share It Allusers FB YR Arbitrary File Upload (3.2.8)

WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)

Severity

Medium

Classification

CVE-2019-7873 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities