Description
A stored cross-site scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious JavaScript.
Remediation
References