Description

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript.

Remediation

References

CVE-2019-7926

Related Vulnerabilities

Zenphoto Other Vulnerability (CVE-2006-2186)

Joomla! Core Security Bypass (1.6.0 - 3.6.5)

WordPress Plugin YAWPP (Yet Another WordPress Petition Plugin) SQL Injection (1.2)

WordPress Plugin Ivory Search-WordPress Search Multiple Cross-Site Scripting Vulnerabilities (5.4)

WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.6.0)

Severity

Medium

Classification

CVE-2019-7926 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities