Magento 2 Community Edition XSS Vulnerability

🗓️ 24 May 2022 16:52:26Reported by GitHub Advisory DatabaseType

Magento 2 XSS Vulnerability in Admin Pane

Reporter	Title	Published	Views	Family All 13
CNVD	Magento Cross-Site Scripting Vulnerability (CNVD-2019-26216)	28 Jun 201900:00	–	cnvd
CVE	CVE-2019-7897	2 Aug 201921:24	–	cve
Cvelist	CVE-2019-7897	2 Aug 201921:24	–	cvelist
EUVD	EUVD-2022-4462	3 Oct 202520:07	–	euvd
Friends Of PHP	PRODSECBUG-2299: Stored cross-site scripting in the admin panel	25 Jun 201900:00	–	friendsofphp
Friends Of PHP	PRODSECBUG-2299: Stored cross-site scripting in the admin panel	25 Jun 201900:00	–	friendsofphp
Friends Of PHP	PRODSECBUG-2299: Stored cross-site scripting in the admin panel	25 Jun 201900:00	–	friendsofphp
NVD	CVE-2019-7897	2 Aug 201922:15	–	nvd
OpenVAS	Magento 2.1.x < 2.1.18, 2.2.x < 2.2.9, 2.3.x < 2.3.2 Multiple Vulnerabilities (Jun 2019)	4 Jul 201900:00	–	openvas
OSV	GHSA-JXP3-MMW7-8285 Magento 2 Community Edition XSS Vulnerability	24 May 202216:52	–	osv

Vulners

Node

magento community-editionRange2.3.0–2.3.2composer

magento community-editionRange2.2.0–2.2.9composer

magento community-editionRange2.1.0–2.1.18composer

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-7897
web	www.web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ce/CVE-2019-7897.yaml
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ee/CVE-2019-7897.yaml
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7897.yaml
magento	www.magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
github	www.github.com/advisories/GHSA-jxp3-mmw7-8285

12 Feb 2024 11:18Current

5.9Medium risk

Vulners AI Score5.9

CVSS 23.5

CVSS 34.8

EPSS0.00092