CVE-2019-7921Cross-site Scripting in Magento

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 75.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MagentoMagento Community-editionAdobe Systems Incorporated Magento 2
Timeline
PublishedAug 2
Latest updateMay 24

Description

A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

NVDmagento/magento2.1.02.1.18+2
Packagistmagento/community-edition2.1.02.1.18+2
CVEListV5adobe_systems_incorporated/magento_2Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2

🔴Vulnerability Details

3
OSV
Magento 2 Community Edition Cross-site Scripting Vulnerability2022-05-24
GHSA
Magento 2 Community Edition Cross-site Scripting Vulnerability2022-05-24
CVEList
CVE-2019-7921: A stored cross-site scripting vulnerability exists in the product catalog form of Magento 22019-08-02
CVE-2019-7921 — Cross-site Scripting in Magento | cvebase