Description

A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories.

Remediation

References

CVE-2019-7863

Related Vulnerabilities

Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4906)

WordPress Plugin DW Question & Answer Multiple Unspecified Vulnerabilities (1.4.4)

WordPress Plugin MiniCart SQL Injection (1.00.1)

MySQL CVE-2024-21125 Vulnerability (CVE-2024-21125)

WordPress Plugin Contact Form 7 Multi-Step Addon Malicious Code (1.0.5)

Severity

Medium

Classification

CVE-2019-7863 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities