CVE-2019-7873Cross-Site Request Forgery in Magento

CWE-352Cross-Site Request ForgeryCWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 92.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MagentoMagento Community-editionAdobe Systems Incorporated Magento 2
Timeline
PublishedAug 2
Latest updateMay 24

Description

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDmagento/magento2.1.02.1.18+2
Packagistmagento/community-edition2.1.02.1.18+2
CVEListV5adobe_systems_incorporated/magento_2Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2

🔴Vulnerability Details

3
OSV
Magento 2 Community Edition Cross-site Scripting Vulnerability2022-05-24
GHSA
Magento 2 Community Edition Cross-site Scripting Vulnerability2022-05-24
CVEList
CVE-2019-7873: A cross-site request forgery vulnerability exists in Magento 22019-08-02
CVE-2019-7873 — Cross-Site Request Forgery in Magento | cvebase