Description

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules.

Remediation

References

CVE-2019-7868

Related Vulnerabilities

Oracle JRE CVE-2020-2773 Vulnerability (CVE-2020-2773)

WordPress Plugin GoDaddy Email Marketing Cross-Site Request Forgery (1.1.2)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.8)

WordPress Plugin WP Google Maps Cross-Site Scripting (7.11.34)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-29201)

Severity

Medium

Classification

CVE-2019-7868 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities