Описание
Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-7853
- https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7853.yaml
- https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23
- https://web.archive.org/web/20220127030535/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-24
Пакеты
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.1.0, < 2.1.18
2.1.18
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.2.0, < 2.2.9
2.2.9
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.3.0, < 2.3.2
2.3.2
Связанные уязвимости
CVSS3: 4.8
nvd
больше 6 лет назад
A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel.