Description
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft malicious payload in the template Name field for Email template in the "Design Configuration" dashboard.
Remediation
References
Related Vulnerabilities
Drupal Configuration Vulnerability (CVE-2008-6171)
WordPress Plugin Smooth Slider SQL Injection (2.8.6)
Joomla Cryptographic Issues Vulnerability (CVE-2011-4321)
WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.0.226)
Liferay Portal CVE-2021-33330 Vulnerability (CVE-2021-33330)