Description
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address.
Remediation
References
Related Vulnerabilities
WordPress Plugin Slider Hero with Animation, Video Background Cross-Site Request Forgery (8.2.0)
WordPress Plugin GigPress Multiple SQL Injection Vulnerabilities (2.3.8)
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-10081)
WordPress Plugin RSS Includes Pages Unspecified Vulnerability (3.1)