Lucene search
PRIOn knowledge basePRION:CVE-2019-8152HistoryNov 06, 2019 - 12:15 a.m.
Cross site scripting
2019-11-0600:15:00
PRIOn knowledge base
www.prio-n.com
2
0.001 Low
EPSS
Percentile
27.3%
A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malicious javascript in the cache of the admin dashboard.
References
Related
cvelist
cvelist
CVE-2019-8152
2019-11-05 23:47:41
github
github
Magento 2 Community Edition XSS Vulnerability
2022-05-24 17:00:28
friendsofphp
friendsofphp
PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor
2019-10-08 00:00:00
PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor
2019-10-08 00:00:00
PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor
2019-10-08 00:00:00
nvd
nvd
CVE-2019-8152
2019-11-06 00:15:12
osv
osv
Magento 2 Community Edition XSS Vulnerability
2022-05-24 17:00:28
CVE-2019-8152
2019-11-06 00:15:12
cve
cve
CVE-2019-8152
2019-11-06 00:15:12