CVE-2019-7862
Magento 2.x Reflected XSS in Product widget chooser (admin) affects: 2.1 before 2.1.18, 2.2 before 2.2.9, and 2.3 before 2.3.2. Root cause: reflected cross-site scripting in the admin panel’s Product widget chooser. Impact: as described, enabling an attacker to inject scripts via user input durin...