CVE-2019-8228

Publication date

2019-11-05 23:59:27

Family

adobe

State

PUBLISHED

Description

in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.