Description
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. An authenticated user with privileges to store product attributes could exploit it to inject malicious JavaScript.
Remediation
References