Description
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate the CMS section of the website can trigger remote code execution via a custom layout update.
Remediation
References