Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-8120
Reference:
CVE-2019-8120
Title:
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19 Magento 2.2 prior to 2.2.10 Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer39s email address.