Description
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate downloadable link and cause an invocation of error handling that acceses user input without sanitization.
Remediation
References
Related Vulnerabilities
WordPress Plugin Complete Gallery Manager for WordPress Arbitrary File Upload (3.3.3)
WordPress Plugin Elementor Pro Cross-Site Scripting (2.0.9)
MySQL CVE-2022-21594 Vulnerability (CVE-2022-21594)
WordPress Plugin Users to CSV Cross-Site Request Forgery (1.4.5)
WordPress Plugin Contextual Related Posts Cross-Site Scripting (3.3.0)