Description

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.

Remediation

References

CVE-2019-7873

Related Vulnerabilities

MediaWiki Resource Management Errors Vulnerability (CVE-2015-2936)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40678)

Oracle JRE CVE-2013-2471 Vulnerability (CVE-2013-2471)

WordPress Plugin Smooth Scroll Page Up/Down Buttons Cross-Site Scripting (1.3)

MySQL CVE-2019-2957 Vulnerability (CVE-2019-2957)

Severity

Medium

Classification

CVE-2019-7873 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities