Description

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address.

Remediation

References

CVE-2019-8120

Related Vulnerabilities

MySQL CVE-2022-21313 Vulnerability (CVE-2022-21313)

Restlet Framework Deserialization of Untrusted Data Vulnerability (CVE-2013-4271)

WordPress Plugin KBoard Multiple Vulnerabilities (3.3)

WordPress Plugin WP Content Copy Protection & No Right Click Security Bypass (3.1.4)

Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-47828)

Severity

Medium

Classification

CVE-2019-8120 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities