Lucene search
AdobeCVELIST:CVE-2019-7944HistoryAug 02, 2019 - 9:34 p.m.
CVE-2019-7944
2019-08-0221:34:28
adobe
www.cve.org
A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript.
CNA Affected
[
{
"product": "Magento 1 Magento 2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
}
]
}
]Related
cve
cve
CVE-2019-7944
2019-08-02 22:15:19
github
github
Magento 2 Community Edition XSS Vulnerability
2022-05-24 16:52:28
friendsofphp
friendsofphp
prion
prion
Cross site scripting
2019-08-02 22:15:00
osv
osv
Magento 2 Community Edition XSS Vulnerability
2022-05-24 16:52:28
CVE-2019-7944
2019-08-02 22:15:19
nvd
nvd
CVE-2019-7944
2019-08-02 22:15:19
openvas
openvas