CVE-2019-7865
HIGH
Magento 2.1-2.1.17 - Cross-Site Request Forgery in Checkout Cart Item
Title source: llm
Description
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33
Scores
CVSS v3
8.8
EPSS
0.0006
EPSS Percentile
18.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (3)
magento/community-edition
2.1.0 - 2.1.18
Packagist
magento/magento
2.1.0 - 2.1.18
magento/product-community-edition
2.1 - 2.1.18
Packagist
Published
Aug 02, 2019
Tracked Since
Feb 18, 2026