Description
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder.
Remediation
References
Related Vulnerabilities
WordPress Plugin Time Sheets Multiple Cross-Site Scripting Vulnerabilities (1.5.1)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-2064)
Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33323)
WordPress Plugin Spectra-WordPress Gutenberg Blocks Cross-Site Scripting (1.14.11)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3180)