Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-9584 - Vulnerability Database

Magento

Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-9584

Medium

Reference: CVE-2020-9584

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-9584

Title: Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Magento versions 2.3.4 and earlier 2.2.11 and earlier (see note) 1.14.4.4 and earlier and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.