A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source before 1.9.4.2, and Magento Commerce before 1.14.4.2, Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
magento magento |