GHSA-7xqv-jgv6-x2h8

Source

https://github.com/advisories/GHSA-7xqv-jgv6-x2h8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7xqv-jgv6-x2h8/GHSA-7xqv-jgv6-x2h8.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7xqv-jgv6-x2h8

Aliases

CVE-2019-7881

Published

2022-05-24T16:52:24Z

Modified

2024-02-16T08:23:36.786429Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Magento 2 Community Edition XSS Vulnerability

Details

A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).

Database specific

{
    "nvd_published_at": "2019-08-02T22:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-17T21:49:41Z"
}

References

Affected packages

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1

Fixed

2.1.18

Affected versions

2.*

2.1.0-rc1

2.1.0-rc2

2.1.0-rc3

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2

Fixed

2.2.9

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3

Fixed

2.3.2

Affected versions

2.*

2.3.0

2.3.1