CVE-2019-7877
The CVE-2019-7877 entry details a stored cross-site scripting (XSS) vulnerability in Magento 2.x. An authenticated user with privileges to manage orders can inject malicious JavaScript via the admin panel in Magento 2.1 (<2.1.18), 2.2 (<2.2.9), and 2.3 (