Description

A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7862

Related Vulnerabilities

WordPress Plugin Monetize Multiple Vulnerabilities (1.03)

LimeSurvey CVE-2009-1604 Vulnerability (CVE-2009-1604)

Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-34187)

WordPress Plugin WP Review Unspecified Vulnerability (5.2.1)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32667)

Severity

Medium

Classification

CVE-2019-7862 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities