Description
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-5004 | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates. |
Github GHSA |
GHSA-qmwh-rh2g-3682 | Magento 2 Community Edition Cross-site Scripting Vulnerability |
References
History
No history.
Status: PUBLISHED
Assigner: adobe
Published:
Updated: 2024-08-04T21:02:18.990Z
Reserved: 2019-02-12T00:00:00.000Z
Link: CVE-2019-7875
No data.
Status : Modified
Published: 2019-08-02T22:15:16.160
Modified: 2026-06-17T02:41:09.940
Link: CVE-2019-7875
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD
Github GHSA