Description
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via the product view id specification.
Remediation
References