Description
Due to inadequate validation of user input, samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2.
Remediation
References