Description
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the `escapeURL()` function and execute a malicious XSS payload.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ultimate Addons for Beaver Builder Security Bypass (1.24.0)
MySQL CVE-2022-21314 Vulnerability (CVE-2022-21314)
Joomla! Core 3.4.x Cross-Site Scripting (3.4.0 - 3.4.3)
Envoy Proxy Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2024-32976)
WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.5.8)