Description
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the `escapeURL()` function and execute a malicious XSS payload.
Remediation
References
Related Vulnerabilities
WordPress Plugin Digital Publications by Supsystic Multiple Vulnerabilities (1.6.9)
WordPress Plugin MasterStudy LMS-for Online Courses and Education Local File Inclusion (3.3.3)
Apache httpd remote denial of service
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-0499)
WordPress Plugin Bad Behavior Multiple Vulnerabilities (2.2.18)