CVE-2019-7881

2019-08-0222:15:16

Google

osv.dev

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.3%

JSON

A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).

CPENameOperatorVersion
devdocseq2.1.6
devdocseq2.3.0
devdocseq2.2.0
devdocseq2.2.3
devdocseq2.1.5
devdocseq2.1.1
devdocseq2.1.8
devdocseq2.3.1
devdocseq2.0.16
devdocseq2.0.13