A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
magento magento |