3 matches found
CVE-2019-8139
A stored cross-site scripting XSS vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product...
CVE-2019-8139
A stored cross-site scripting XSS vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product...
CVE-2019-8139
Magento 2.3.x prior to 2.3.3 or 2.3.2-p1 is affected by a stored XSS in the Page Builder dynamic block, exploitable by an authenticated user. The issue stems from arbitrary JavaScript injection into product pages. The recommended remediation is applying the Magento security patch in versions 2.3....