Description
A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).
Remediation
References
Related Vulnerabilities
phpList CVE-2017-20031 Vulnerability (CVE-2017-20031)
Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-4534)
Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-1238)
WordPress Plugin A.M.Y. Cross-Site Scripting (1.3.3)
Telerik Web UI Missing Authorization Vulnerability (CVE-2021-28141)