What is the severity of CVE-2019-7938?

The severity of CVE-2019-7938 is classified as high due to its potential for stored cross-site scripting (XSS) attacks.

How do I fix CVE-2019-7938?

To fix CVE-2019-7938, upgrade your Magento installation to version 1.9.4.2 or later for Magento 1, and for Magento 2, update to versions 2.1.18, 2.2.9, or 2.3.2.

What versions of Magento are affected by CVE-2019-7938?

CVE-2019-7938 affects Magento Open Source versions prior to 1.9.4.2 and Magento Commerce versions prior to 1.14.4.2, as well as multiple Magento 2.x versions.

Can an unauthenticated user exploit CVE-2019-7938?

No, CVE-2019-7938 requires an authenticated user with privileges to exploit the stored cross-site scripting vulnerability.

Where can I find more information about CVE-2019-7938?

More information about CVE-2019-7938 can typically be found in official Magento security advisories.

Vulnerability/
CVE-2019-7938

medium

4.8

CWE

25/6/2019

2/8/2019

4/8/2024

CVE-2019-7938: XSS

First published: Tue Jun 25 2019(Updated: )

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript.

Credit: psirt@adobe.com psirt@adobe.com

Affected Software	Affected Version	How to fix
composer/magento/magento1ce	>=1<1.9.4.2
composer/magento/magento1ee	>=1<1.14.4.2
composer/magento/product-community-edition	>=2.1<2.1.18>=2.2<2.2.9>=2.3<2.3.2
composer/magento/product-community-edition	>=2.3<2.3.2	2.3.2
composer/magento/product-community-edition	>=2.2<2.2.9	2.2.9
composer/magento/product-community-edition	>=2.1<2.1.18	2.1.18
composer/magento/magento1ee	>=1<1.14.4.2	1.14.4.2
composer/magento/magento1ce	>=1<1.9.4.2	1.9.4.2
composer/magento/community-edition	>=2.3.0<2.3.2	2.3.2
composer/magento/community-edition	>=2.2.0<2.2.9	2.2.9
composer/magento/community-edition	>=2.1.0<2.1.18	2.1.18
Magento	<1.9.4.2
Magento	<1.14.4.2
Magento	>=2.1.0<2.1.18
Magento	>=2.2.0<2.2.9
Magento	>=2.3.0<2.3.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-7938?
The severity of CVE-2019-7938 is classified as high due to its potential for stored cross-site scripting (XSS) attacks.
How do I fix CVE-2019-7938?
To fix CVE-2019-7938, upgrade your Magento installation to version 1.9.4.2 or later for Magento 1, and for Magento 2, update to versions 2.1.18, 2.2.9, or 2.3.2.
What versions of Magento are affected by CVE-2019-7938?
CVE-2019-7938 affects Magento Open Source versions prior to 1.9.4.2 and Magento Commerce versions prior to 1.14.4.2, as well as multiple Magento 2.x versions.
Can an unauthenticated user exploit CVE-2019-7938?
No, CVE-2019-7938 requires an authenticated user with privileges to exploit the stored cross-site scripting vulnerability.
Where can I find more information about CVE-2019-7938?
More information about CVE-2019-7938 can typically be found in official Magento security advisories.

collector/friends-of-php
agent/author
agent/type
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-mgfr-44wv-hqv6
alias/CVE-2019-7938
agent/software-canonical-lookup
agent/severity
agent/references
agent/weakness
agent/description
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
package-manager/composer
vendor/magento
canonical/magento
version/magento/2.1.0
version/magento/2.2.0
version/magento/2.3.0

Frequently Asked Questions

What is the severity of CVE-2019-7938?
The severity of CVE-2019-7938 is classified as high due to its potential for stored cross-site scripting (XSS) attacks.
How do I fix CVE-2019-7938?
To fix CVE-2019-7938, upgrade your Magento installation to version 1.9.4.2 or later for Magento 1, and for Magento 2, update to versions 2.1.18, 2.2.9, or 2.3.2.
What versions of Magento are affected by CVE-2019-7938?
CVE-2019-7938 affects Magento Open Source versions prior to 1.9.4.2 and Magento Commerce versions prior to 1.14.4.2, as well as multiple Magento 2.x versions.
Can an unauthenticated user exploit CVE-2019-7938?
No, CVE-2019-7938 requires an authenticated user with privileges to exploit the stored cross-site scripting vulnerability.
Where can I find more information about CVE-2019-7938?
More information about CVE-2019-7938 can typically be found in official Magento security advisories.

CVE-2019-7938: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-7938?

How do I fix CVE-2019-7938?

What versions of Magento are affected by CVE-2019-7938?

Can an unauthenticated user exploit CVE-2019-7938?

Where can I find more information about CVE-2019-7938?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-7938?

How do I fix CVE-2019-7938?

What versions of Magento are affected by CVE-2019-7938?

Can an unauthenticated user exploit CVE-2019-7938?

Where can I find more information about CVE-2019-7938?