Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Remediation
References
Related Vulnerabilities
WordPress Plugin Revive Old Post-Auto Post to Social Media 'cat' Parameter SQL Injection (3.2.5)
Zope Web Application Server Other Vulnerability (CVE-2001-1278)
WordPress Plugin SnapApp Multiple Cross-Site Scripting Vulnerabilities (1.5)
IBM RTC Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2020-4544)