Description: A stored XSS vulnerability from website user targeting admin accounts has been discovered in all the Magento 2.x versions. It’s really easy for an attacker to exploit this.
Type: General: Cross Site Scripting (stored)
CVSSv3 Severity: 9.6
Product(s) Affected: Magento 2.1 prior to 2.1.15, Magento 2.2 prior to 2.2.6
Fixed In: Magento 2.1.15, Magento 2.2.6