2 matches found
CVE-2019-7937
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript...
CVE-2019-7937
Magento 2.x stored XSS vulnerability (CVE-2019-7937) exists in admin panel. Affected: Magento 2.1 prior to 2.1.18, 2.2 prior to 2.2.9, and 2.3 prior to 2.3.2. Exploitation requires an authenticated user with privileges to store product attributes to inject JavaScript. Remediation: apply patch upd...