Description: An administrator with limited privileges can insert script into the CMS hierarchy, which could potentially result in a stored cross-site scripting that affects other administrators.
Type: Cross-site Scripting (XSS) – stored
CVSSv3 Severity: 5.0 (Medium)
Product(s) Affected: Magento Open Source prior to 22.214.171.124, and Magento Commerce prior to 126.96.36.199, Magento 2.2 prior to 2.2.3
Fixed In: Magento Open Source 188.8.131.52, Magento Commerce 184.108.40.206, SUPEE-10570, Magento 2.2.3