APPSEC-1892: Stored XSS in Visual Merchandiser

Description: An administrator with limited privileges can create a stored-cross site scripting attack in the Visual Merchaniser system.

Type: Cross-Site Scripting (XSS, stored)

CVSSv3 Severity: 6.1 (Medium)

Product(s) Affected: Magento Open Source prior to, and Magento Commerce prior to

Fixed In: Magento Open Source, Magento Commerce, SUPEE-10415.

Posted in Magento 1, Magento Commerce, Magento Open Source, Stored XSS