Description

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.

Remediation

References

CVE-2019-7851

Related Vulnerabilities

MySQL CVE-2018-3173 Vulnerability (CVE-2018-3173)

WordPress Plugin Amazon JS Cross-Site Scripting (0.10)

WordPress Plugin Slideshow Gallery LITE Cross-Site Scripting (1.6.4)

WordPress Plugin WooCommerce Export Orders and More Cross-Site Scripting (2.0.10)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Open Redirect (3.7.2.3)

Severity

Medium

Classification

CVE-2019-7851 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities