PRODSECBUG-2069: Vulnerability in Attribute Group Name

Reflected XSS can be inserted into an attribute group name in Admin > Stores > Attribute Set.

Type: Cross-Site Scripting (XSS) – reflected

CVSSv3 Severity: 4.2

Known Attacks: none

Product(s) Affected: Magento 2.1 prior to 2.1.16, Magento 2.2 prior to 2.2.7

Fixed In: Magento 2.1.16, Magento 2.2.7, Magento 2.3.0

Posted in Magento 2, Magento Commerce, Magento Open Source, Reflected XSS