Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.1, 2.2, and 2.3

Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.1, 2.2, and 2.3

CVE-2019-8120 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address.

Learn more about our User Device Pen Test.