APPSEC-1892: Stored XSS in Visual Merchandiser

Description: An administrator with limited privileges can create a stored-cross site scripting attack in the Visual Merchaniser system.

Type: Cross-Site Scripting (XSS, stored)

CVSSv3 Severity: 6.1 (Medium)

Product(s) Affected: Magento Open Source prior to 1.9.3.7, and Magento Commerce prior to 1.14.3.7.

Fixed In: Magento Open Source 1.9.3.7, Magento Commerce 1.14.3.7, SUPEE-10415.

Posted in Magento 1, Magento Commerce, Magento Open Source, Stored XSS