Description

A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7862

Related Vulnerabilities

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-6270)

WordPress Plugin Vertical News Scroller Cross-Site Scripting (1.9)

WordPress Plugin CBX Petition for WordPress SQL Injection (1.0.3)

Oracle JRE CVE-2022-21366 Vulnerability (CVE-2022-21366)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-2064)

Severity

Medium

Classification

CVE-2019-7862 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities