A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to customer configurations to inject malicious javascript.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2019-08-02T21:24:04

Updated: 2024-08-04T21:02:19.263Z

Reserved: 2019-02-12T00:00:00

Link: CVE-2019-7897

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-08-02T22:15:17.253

Modified: 2024-11-21T04:48:56.020

Link: CVE-2019-7897

cve-icon Redhat

No data.