A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source before 1.9.4.2, and Magento Commerce before 1.14.4.2, Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user with privileges to edit newsletter templates to inject malicious javascript.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
magento magento |