Lucene search
AdobeCVELIST:CVE-2019-8152HistoryNov 05, 2019 - 11:47 p.m.
CVE-2019-8152
2019-11-0523:47:41
adobe
www.cve.org
0.001 Low
EPSS
Percentile
27.3%
A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malicious javascript in the cache of the admin dashboard.
CNA Affected
[
{
"product": "Magento 1 & 2",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "and Magento Commerce prior to 1.14.4.3"
},
{
"status": "affected",
"version": "Magento 2.2 prior to 2.2.10"
},
{
"status": "affected",
"version": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1"
}
]
}
]References
Related
nvd
nvd
CVE-2019-8152
2019-11-06 00:15:12
osv
osv
Magento 2 Community Edition XSS Vulnerability
2022-05-24 17:00:28
CVE-2019-8152
2019-11-06 00:15:12
github
github
Magento 2 Community Edition XSS Vulnerability
2022-05-24 17:00:28
friendsofphp
friendsofphp
PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor
2019-10-08 00:00:00
PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor
2019-10-08 00:00:00
PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor
2019-10-08 00:00:00
cve
cve
CVE-2019-8152
2019-11-06 00:15:12
prion
prion
Cross site scripting
2019-11-06 00:15:00