CVE-2019-7882

Source
https://cve.org/CVERecord?id=CVE-2019-7882
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7882.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-7882
Aliases
Published
2019-08-02T22:15:16.503Z
Modified
2026-07-08T05:55:08.659469181Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*",
                "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*"
            ],
            "source": "CPE_RANGE",
            "vendor_product": "magento:magento",
            "extracted_events": [
                {
                    "fixed": "1.9.4.2"
                },
                {
                    "fixed": "1.9.4.2"
                },
                {
                    "fixed": "1.14.4.2"
                },
                {
                    "fixed": "1.14.4.2"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/magento/devdocs

Affected ranges

Type
GIT
Repo
https://github.com/magento/devdocs
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.1.0"
        },
        {
            "fixed": "2.1.18"
        },
        {
            "introduced": "2.2.0"
        },
        {
            "fixed": "2.2.9"
        },
        {
            "introduced": "2.3.0"
        },
        {
            "fixed": "2.3.2"
        }
    ]
}

Affected versions

2.*
2.1.16
2.1.17
2.2.7
2.2.8
2.3.0
2.3.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7882.json"

Git / github.com/magento/magento2

Affected ranges

Type
GIT
Repo
https://github.com/magento/magento2
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.1.0"
        },
        {
            "fixed": "2.1.18"
        },
        {
            "introduced": "2.2.0"
        },
        {
            "fixed": "2.2.9"
        },
        {
            "introduced": "2.3.0"
        },
        {
            "fixed": "2.3.2"
        }
    ]
}

Affected versions

2.*
2.1.0
2.1.1
2.1.2
2.1.4
2.1.5
2.1.6
2.2.0-RC1.1
2.2.0-RC1.2
2.2.0-RC1.3
2.2.0-RC1.4
2.2.0-RC1.5
2.2.0-RC1.6
2.2.0-RC1.8
2.2.0-rc2.0
2.2.0-rc2.1
2.2.0-rc2.2
2.2.0-rc2.3
2.3.0
2.3.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7882.json"