A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
magento magento |