Description
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event.
Remediation
References
Related Vulnerabilities
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8140)
WordPress 2.8.4 Denial of Service Vulnerability (0.6.2 - 2.8.4)
PHP CVE-2007-5898 Vulnerability (CVE-2007-5898)
WordPress Plugin BuddyPress Arbitrary File Deletion (2.7.3)
WordPress Plugin Display Posts Shortcode Unspecified Vulnerability (1.9)