CVE-2019-8120
Description
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address.
CWE
- (none)
Affected
- Adobe Systems Incorporated / Magento 2 — v=Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2 [affected]
CVSS
- (none)
References
Source
cvelistV5-main/cves/2019/8xxx/CVE-2019-8120.json