Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-0424 Vulnerability (CVE-2013-0424)
TYPO3 Other Vulnerability (CVE-2006-0327)
WordPress Plugin World of Warcraft-Armory Table Cross-Site Scripting (0.2.5)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3176)
WordPress Plugin Quotes and Tips by BestWebSoft Cross-Site Scripting (1.32)