Description
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Remediation
References
Related Vulnerabilities
Grafana Other Vulnerability (CVE-2021-28147)
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.18)
Jolokia Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0168)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1582)
MediaWiki Improper Input Validation Vulnerability (CVE-2021-31555)