Description

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules.

Remediation

References

CVE-2019-7868

Related Vulnerabilities

WordPress Plugin Easy Contact Form Solution Cross-Site Scripting (1.6)

WordPress Plugin Navis DocumentCloud Cross-Site Scripting (0.1)

WordPress Plugin myLinksDump 'url' Parameter SQL Injection (1.2)

WordPress Plugin WordPress Meta Data and Taxonomies Filter (MDTF) Cross-Site Request Forgery (1.2.7.2)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.14)

Severity

Medium

Classification

CVE-2019-7868 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities