2019-02-12 17:31:37 -05:00
{
2019-08-02 22:00:51 +00:00
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"data_version" : "4.0" ,
2019-03-17 23:11:38 +00:00
"CVE_data_meta" : {
"ID" : "CVE-2019-7881" ,
2019-08-02 22:00:51 +00:00
"ASSIGNER" : "psirt@adobe.com" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "n/a" ,
"product" : {
"product_data" : [
{
"product_name" : "Magento 2" ,
"version" : {
"version_data" : [
{
"version_value" : "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
}
]
}
}
]
}
}
]
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Cross-Site Scripting"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM" ,
"name" : "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23" ,
"url" : "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
}
]
2019-03-17 23:11:38 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2019-08-02 22:00:51 +00:00
"value" : "A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack)."
2019-03-17 23:11:38 +00:00
}
]
}
}
