Tag: magento website to admin xss

APPSEC-2094: Stored XSS – Website to Admin in Global Search

Description: A stored XSS vulnerability from website user targeting admin accounts has been discovered in all the Magento 2.x versions. It’s really easy for an attacker to exploit this. Type: General: Cross Site Scripting (stored) CVSSv3 Severity: 9.6 Product(s) Affected:

Posted in Magento 2, Magento Commerce, Magento Open Source, Stored XSS Tagged with: