Description

A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious javascript execution in the victim's browser.

Remediation

References

CVE-2019-7939

Related Vulnerabilities

WordPress 2.0.5 Charset Decoding SQL Injection Vulnerability (0.6.2 - 2.0.5)

Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2021-30639)

WordPress Plugin Wow Moodboard Lite Open Redirect (1.1.1.1)

XWiki Cleartext Storage of Sensitive Information Vulnerability (CVE-2023-50719)

Drupal Core 8.9.x Cross-Site Scripting (8.9.0 - 8.9.19)

Severity

Medium

Classification

CVE-2019-7939 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities