Description
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a store.
Remediation
References
Related Vulnerabilities
WordPress Plugin GA Backend Tracking Cross-Site Scripting (1.2)
WordPress Plugin Cookie Information-Free GDPR Consent Solution Cross-Site Scripting (1.5.5)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Open Redirect (4.4.1)
WordPress Plugin Indexisto WordPress Site Search Cross-Site Scripting (1.0.5)