Description
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript.
Remediation
References
Related Vulnerabilities
WordPress Plugin Bliss Gallery Arbitrary File Upload (2.3)
WordPress Plugin VDZ VERIFICATION (Custom Meta Tags) Cross-Site Scripting (1.3.12)
Undertow CVE-2023-3223 Vulnerability (CVE-2023-3223)
WordPress Plugin Accept Stripe Donation-AidWP Security Bypass (2.8)
WordPress Plugin Translate WordPress with GTranslate Open Redirect (2.8.10)