in Magento before 1.9.4.3 and Magento before 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
magento magento |