Description
A stored cross-site scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious JavaScript.
Remediation
References