CVE-2019-7873 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.18 || >=2.2.0 <2.2.9 || >=2.3.0 <2.3.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00028 pctl0.06198

Details

Magento 2 Community Edition Cross-site Scripting Vulnerability A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.

Metadata

Created: 2022-05-24T16:52:24Z
Modified: 2024-02-12T11:42:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8578-mmf4-f327/GHSA-8578-mmf4-f327.json
CWE IDs: ["CWE-352", "CWE-79"]
Alternative ID: GHSA-8578-mmf4-f327
Finding: F008
Auto approve: 1