Lucene search
GoogleOSV:GHSA-8V75-8JJ8-77GFHistoryMay 24, 2022 - 4:52 p.m.
Magento 2 Community Edition XSS Vulnerability
2022-05-2416:52:24
Google
osv.dev
3
0.001 Low
EPSS
Percentile
27.8%
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.
References
github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7874.yaml
github.com/magento/magento2
magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
nvd.nist.gov/vuln/detail/CVE-2019-7874
web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
Related
nvd
nvd
CVE-2019-7874
2019-08-02 22:15:16
osv
osv
CVE-2019-7874
2019-08-02 22:15:16
github
github
Magento 2 Community Edition XSS Vulnerability
2022-05-24 16:52:24
cve
cve
CVE-2019-7874
2019-08-02 22:15:16
cvelist
cvelist
CVE-2019-7874
2019-08-02 21:18:13
friendsofphp
friendsofphp
prion
prion
Cross site request forgery (csrf)
2019-08-02 22:15:00
openvas
openvas