Cross site scripting

2019-11-0601:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

27.5%

JSON

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate downloadable link and cause an invocation of error handling that acceses user input without sanitization.

CPENameOperatorVersion
magentoge2.3.0
magentolt2.3.2
magentoge2.2.0
magentolt2.2.10
magentoge2.2.0
magentolt2.2.10
magentoeq2.3.2
magentoeq2.3.2
magentoge2.3.0
magentolt2.3.2