Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Remediation
References
Related Vulnerabilities
WordPress Plugin Child Theme Creator by Orbisius Cross-Site Request Forgery (1.5.1)
MySQL CVE-2013-5894 Vulnerability (CVE-2013-5894)
Claroline Other Vulnerability (CVE-2005-1377)
OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3566)
Drupal Deserialization of Untrusted Data Vulnerability (CVE-2019-6340)