2 matches found
CVE-2019-8142
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a store...
CVE-2019-8142
CVE-2019-8142 is a stored XSS vulnerability affecting Magento 2.2 (before 2.2.10) and Magento 2.3 (before 2.3.3 or 2.3.2-p1). An authenticated user can inject arbitrary JavaScript via the order title when configuring sales payment methods. The issue is triggered in the merchant-facing configurati...