Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-8153

A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10 Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the escapeURL() function and execute a malicious XSS payload.