CVE-2019-7939
Published 2019-08-02
Priority: P4 · 24 · medium · 6.1 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.04% (59.8th percentile)
A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious JavaScript execution in the victim's browser.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| magento | community-edition | >= 2.1 < 2.1.18 | 2.1.18 |
| magento | community-edition | >= 2.2 < 2.2.9 | 2.2.9 |
| magento | community-edition | >= 2.3 < 2.3.2 | 2.3.2 |
| magento | magento | >= 2.1.0 < 2.1.18 | 2.1.18 |
| magento | magento | >= 2.2.0 < 2.2.9 | 2.2.9 |
| magento | magento | >= 2.3.0 < 2.3.2 | 2.3.2 |
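CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |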
OSV
Magento Reflected cross-site scripting on customer cart page
osv·2022-05-24
CVE-2019-7939 [MEDIUM] Magento Reflected cross-site scripting on customer cart page
GHSA
Magento Reflected cross-site scripting on customer cart page
ghsa·2022-05-24
CVE-2019-7939 [MEDIUM] CWE-79 Magento Reflected cross-site scripting on customer cart page
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-08-02
Published