Magento LTS vulnerable to stored XSS in admin file form

Summary OpenMage is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details MageAdminhtmlBlockSystemConfigFormFieldFile does not escape filename value in certain situations. Same...