CVE-2019-8153

Summary

A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the escapeURL() function and execute a malicious XSS payload.

Affected Software

VendorProductVersion RangeStatus
Adobe Systems IncorporatedMagento 2Magento 2.2 prior to 2.2.10affected
Adobe Systems IncorporatedMagento 2Magento 2.3 prior to 2.3.3 or 2.3.2-p1affected

Weaknesses

  • Security bypass

ADP Enrichment

CVE Program Container

Additional References

References