3 matches found
GHSA-985W-MQQP-7287 Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting XSS vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address...
CVE-2019-8120
A stored cross-site scripting XSS vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address...
CVE-2005-4136
Cross-site scripting XSS vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter...