Description

A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7862

Related Vulnerabilities

Grafana Other Vulnerability (CVE-2021-28147)

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.18)

Jolokia Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0168)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1582)

MediaWiki Improper Input Validation Vulnerability (CVE-2021-31555)

Severity

Medium

Classification

CVE-2019-7862 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities