Description
In Magento up to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
Remediation
References