CVE-2019-7881
MEDIUM5.4EPSS 0.09%Magento 2 Community Edition XSS Vulnerability
發布日:2022/5/24修改日:2024/2/16
描述
A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).
受影響套件(1)
- Packagist/magento/community-edition>= 2.1, < 2.1.18
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
參考連結(4)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-7881
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7881.yaml
- WEBhttps://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23
- WEBhttps://web.archive.org/web/20220121051916/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23