Description
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to customer configurations to inject malicious javascript.
Remediation
References
Related Vulnerabilities
WordPress Plugin One page checkout and layouts for woocommerce Unspecified Vulnerability (2.7)
WordPress Plugin Flamingo CSV Injection (2.1)
MySQL CVE-2020-2570 Vulnerability (CVE-2020-2570)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.6)
WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.4.0)