Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure .
{ "cpes": [ "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "cpe:2.3:a:magento:magento:*:*:*:*:community:*:*:*", "cpe:2.3:a:magento:magento:*:*:*:*:enterprise:*:*:*", "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*" ], "severity": "Medium" }