Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05ODV3LW1xcXAtNzI4N84AAilc
Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address.
Permalink: https://github.com/advisories/GHSA-985w-mqqp-7287JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05ODV3LW1xcXAtNzI4N84AAilc
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-985w-mqqp-7287, CVE-2019-8120
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-8120
- https://web.archive.org/web/20220121051105/https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
- https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8120.yaml
- https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
- https://github.com/advisories/GHSA-985w-mqqp-7287
Affected Packages
packagist:magento/community-edition
Dependent packages: 12Dependent repositories: 12
Downloads: 47,718 total
Affected Version Ranges: >= 2.3.0, < 2.3.3, >= 2.2.0, < 2.2.10, >= 2.1.0, < 2.1.19
Fixed in: 2.3.3, 2.2.10, 2.1.19
All affected versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.3.0, 2.3.1, 2.3.2
All unaffected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.2.10, 2.2.11, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7