Description
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address.
Remediation
References
Related Vulnerabilities
WordPress Plugin Royal Gallery Cross-Site Scripting (2.3)
Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1005)
MySQL CVE-2014-4238 Vulnerability (CVE-2014-4238)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29214)
WordPress Plugin Visualizer:Tables and Charts Manager for WordPress PHAR Deserialization (3.7.9)