Description: An administrator with limited privileges can embed cross-site scripting elements in the Newsletter template, which could lead to a stored cross-site scripting attack.
Type: Cross-site Scripting (XSS) – stored
CVSSv3 Severity: 5.0 (Medium)
Product(s) Affected: Magento Open Source prior to 188.8.131.52, Magento Commerce prior to 184.108.40.206, Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3
Fixed In: Magento Open Source 220.127.116.11, Magento Commerce 18.104.22.168, SUPEE-10570, Magento 2.0.18, Magento 2.1.12, Magento 2.2.3