Reflected Cross-Site Scripting Vulnerability in Magento 2.x Product Widget Chooser

Reflected Cross-Site Scripting Vulnerability in Magento 2.x Product Widget Chooser

CVE-2019-7862 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Learn more about our Web Application Penetration Testing UK.