Description

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules.

Remediation

References

CVE-2019-7868

Related Vulnerabilities

WordPress Plugin Sticky Ad Bar Cross-Site Scripting (1.3.1)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-10086)

WordPress Plugin SEO Smart Links Cross-Site Scripting (3.0.1)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Security Bypass (3.0.7)

WordPress Plugin WordPress Backup and Migrate-Backup Guard Arbitrary File Upload (1.5.9)

Severity

Medium

Classification

CVE-2019-7868 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities