CVE-2019-8227

描述

In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.

受影響套件(1)

• Packagist/magento/corefrom 0, < 1.9.4.3

CVSS 分數

參考連結(2)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-8227
• WEBhttps://web.archive.org/web/20211209030216/https://magento.com/security/patches/supee-11219