Description
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Remediation
References
Related Vulnerabilities
IBM RTC Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-4974)
WordPress Plugin Captcha by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (4.1.5)
PHP Integer Overflow or Wraparound Vulnerability (CVE-2019-11048)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery SQL Injection (1.3.50)
WordPress Plugin Background Music Cross-Site Scripting (1.0)