Description
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript.
Remediation
References
Related Vulnerabilities
Python Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4944)
WordPress Plugin WordPress Backup and Migrate-Backup Guard Cross-Site Request Forgery (1.1.90)
WordPress Plugin RSS for Yandex Turbo Cross-Site Scripting (1.29)
IBM RTC Incorrect Authorization Vulnerability (CVE-2017-1700)
ownCloud Improper Input Validation Vulnerability (CVE-2012-5336)