Security Advisory

CVE-2019-8227

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-11-06 00:00:16

Last updated 2024-08-04 21:10:33

Assigner adobe

State PUBLISHED

Description

In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.

← Browse all CVEs View on cve.org ↗