Description: An administrator with limited privileges can insert script into the shipment tracking, which could potentially result in stored cross-site scripting that affects other administrators.
Type: Cross-site Scripting (XSS) – stored
CVSSv3 Severity: 5.0 (Medium)
Product(s) Affected: Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, Magento 2.2 prior to 2.2.3
Fixed In: Magento 2.0.18, Magento 2.1.12, Magento 2.2.3