Description
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP-SpamFree Anti-Spam 'id' Parameter SQL Injection (3.2.1)
OpenSSL Other Vulnerability (CVE-2014-0198)
Drupal Other Vulnerability (CVE-2006-5477)
Apache Tomcat Other Vulnerability (CVE-2002-1567)
WordPress Plugin MoodThingy Mood Rating Widget 'postID' Parameter Blind SQL Injection (0.8.7)