APPSEC-1907: Cross-site Scripting in Customer Address

Description: A user can insert script into his or her address, which could potentially result in stored cross-site scripting that affects administrators.

Type: Cross-site Scripting (XSS)

CVSSv3 Severity: 7.5 (High)

Product(s) Affected: Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, Magento 2.2 prior to 2.2.3

Fixed In: Magento 2.0.18, Magento 2.1.12, Magento 2.2.3

Posted in Magento 2, Magento Commerce, Magento Open Source, Stored XSS