Description
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript.
Remediation
References
Related Vulnerabilities
WordPress Plugin Coupon Tab for DirectoryPress Multiple Cross-Site Scripting Vulnerabilities (0.2.0)
WordPress Plugin Google AdSense by BestWebSoft Cross-Site Scripting (1.29)
Nginx CVE-2011-4963 Vulnerability (CVE-2011-4963)
Serendipity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5475)
WordPress Plugin YITH WooCommerce Advanced Reviews Security Bypass (1.3.9)