Description
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript.
Remediation
References
Related Vulnerabilities
Zenphoto Other Vulnerability (CVE-2006-2186)
Joomla! Core Security Bypass (1.6.0 - 3.6.5)
WordPress Plugin YAWPP (Yet Another WordPress Petition Plugin) SQL Injection (1.2)
WordPress Plugin Ivory Search-WordPress Search Multiple Cross-Site Scripting Vulnerabilities (5.4)
WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.6.0)