5.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.6%
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.
magento.com/security/patches/supee-11219