3 matches found
CVE-2019-8145
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products...
CVE-2019-8145
CVE-2019-8145 describes a stored XSS vulnerability in Magento: authenticated users can inject arbitrary JavaScript into the attribute set name when listing products. Affected versions are Magento 2.2 before 2.2.10 and Magento 2.3 before 2.3.3 (or 2.3.2-p1). The issue stems from the attribute set ...
CVE-2019-8145
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products...