Количество 2
Количество 2
CVE-2019-8152
A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malicious javascript in the cache of the admin dashboard.
GHSA-jjmg-xmq2-g6ff
Magento 2 Community Edition XSS Vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-8152 A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malicious javascript in the cache of the admin dashboard. | CVSS3: 5.4 | 0% Низкий | больше 6 лет назад |
| GHSA-jjmg-xmq2-g6ff Magento 2 Community Edition XSS Vulnerability | CVSS3: 4.8 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу