Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1nZzk2LTh3OXgtN3J4Oc4AAhlA

Magento 2 Community Edition Cross-site Scripting Vulnerability

A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious JavaScript.

Permalink: https://github.com/advisories/GHSA-gg96-8w9x-7rx9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nZzk2LTh3OXgtN3J4Oc4AAhlA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 19 days ago


CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-gg96-8w9x-7rx9, CVE-2019-7921
References:

Affected Packages

packagist:magento/community-edition
Versions: >= 2.3.0, < 2.3.2, >= 2.2.0, < 2.2.9, >= 2.1.0, < 2.1.18
Fixed in: 2.3.2, 2.2.9, 2.1.18