Description
A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5266)
MySQL Resource Management Errors Vulnerability (CVE-2012-2749)
Apache Tomcat Other Vulnerability (CVE-2003-0866)
Oracle JRE CVE-2013-2422 Vulnerability (CVE-2013-2422)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3553)