Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Remediation
References
Related Vulnerabilities
WordPress Plugin SlideDeck 2 Lite Responsive Content Slider Cross-Site Scripting (2.3.18)
WordPress Plugin Booking.com Banner Creator Cross-Site Scripting (1.4.2)
WordPress Plugin Invit0r 'ofc_upload_image.php' Arbitrary File Upload (0.22)
WordPress Plugin FooBox Image Lightbox Cross-Site Scripting (1.0.4)