PRODSECBUG-2181: Stored cross-site scripting in the Admin Customer Segments area

Description:
An authenticated user with privileges to the Customer Segments section of the Admin can use a stored cross site scripting vulnerability to embed malicious code.

Type: General: Cross Site Scripting

CVSSv3 Severity: 6.5

Known Attacks: none

Product(s) Affected: Magento 2.1 prior to 2.1.17, Magento 2.2 prior to 2.2.8, Magento 2.3 prior to 2.3.1

Fixed In: Magento 2.1.17, Magento 2.2.8, Magento 2.3.1

Posted in Magento 2, Magento Commerce, Magento Open Source, Stored XSS