CVE-2019-8227

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
4.8MEDIUM
EPSS
1.8%
top 17.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Magento MagentoMagento CoreAdobe Systems Incorporated Magento 1
Timeline
PublishedNov 6
Latest updateMay 24

Description

In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages3 packages

Packagistmagento/core< 1.9.4.3
NVDmagento/magento1.5.0.01.9.4.3+1
CVEListV5adobe_systems_incorporated/magento_1Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3+1

🔴Vulnerability Details

3
GHSA
Magento XSS Vulnerability2022-05-24
OSV
Magento XSS Vulnerability2022-05-24
CVEList
CVE-2019-8227: In Magento prior to 12019-11-06
CVE-2019-8227 (MEDIUM CVSS 4.8) | In Magento prior to 1.9.4.3 and Mag | cvebase.io