Cross-Site Scripting Mitigation Bypass in Magento 2.1, 2.2, and 2.3

Cross-Site Scripting Mitigation Bypass in Magento 2.1, 2.2, and 2.3

CVE-2019-7881 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).

Learn more about our User Device Pen Test.