Description
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2156)
WordPress Plugin Gallery-Photo Albums-Portfolio Cross-Site Scripting (1.3.47)
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1999042)
WordPress Plugin Contact Form DB Cross-Site Request Forgery (2.8.31)