Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
A patch SUPEE-11346 is available at Magento Open Source Download Page > Release Archive Tab > Magento Open Source Patches - 1.x Section