CVE-2019-7947

MEDIUM

Magento Open Source <1.9.4.2 - Magento Commerce <1.14.4.2 - Magento...

Title source: llm

Description

A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 9.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-352

Status published

Products (3)

magento/community-edition 2.1.0 - 2.1.18Packagist

magento/magento < 1.14.4.2

magento/magento < 1.9.4.2

Published Aug 02, 2019

Tracked Since Feb 18, 2026