Description
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the `escapeURL()` function and execute a malicious XSS payload.
Remediation
References
Related Vulnerabilities
WordPress Plugin Master Slider-Responsive Touch Slider SQL Injection (2.5.1)
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.36)
WordPress Plugin All In One Favicon Cross-Site Scripting (4.6)
WebLogic Improper Input Validation Vulnerability (CVE-2020-10693)
WordPress Plugin WPFront Scroll Top Cross-Site Scripting (2.0.5.07184)