PT-2019-18803 · Adobe · Magento

Published: 2019-08-02 · Updated: 2022-05-24 · CVE-2019-7881

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Magento 2.1 versions 2.1.0 through 2.1.17
Magento 2.2 versions 2.2.0 through 2.2.8
Magento 2.3 versions 2.3.0 through 2.3.1

Description

A cross-site scripting mitigation bypass exists, which could be exploited by an authenticated user to escalate privileges in an admin vs. admin XSS attack.

Recommendations

For Magento 2.1 versions 2.1.0 through 2.1.17, update to version 2.1.18 or later.
For Magento 2.2 versions 2.2.0 through 2.2.8, update to version 2.2.9 or later.
For Magento 2.3 versions 2.3.0 through 2.3.1, update to version 2.3.2 or later.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2019-7881
GHSA-7XQV-JGV6-X2H8

Affected Products

Magento