Description
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. It can be exploited by an authenticated user with permissions to manage tax rules.
Remediation
References