Description
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.
Remediation
References
Related Vulnerabilities
WordPress Plugin Digital Publications by Supsystic Multiple Vulnerabilities (1.6.9)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31549)
MySQL CVE-2017-10313 Vulnerability (CVE-2017-10313)
WordPress Plugin GD bbPress Attachments Cross-Site Scripting (2.5)