A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to customer configurations to inject malicious javascript.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2019-08-02T21:24:04
Updated: 2024-08-04T21:02:19.263Z
Reserved: 2019-02-12T00:00:00
Link: CVE-2019-7897
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-08-02T22:15:17.253
Modified: 2024-11-21T04:48:56.020
Link: CVE-2019-7897
Redhat
No data.