CVE-2019-8138
CVE-2019-8138 is a stored XSS in Magento 2.2 (before 2.2.10) and Magento 2.3 (before 2.3.3 or 2.3.2-p1). The vulnerability allows an authenticated user to execute arbitrary JavaScript by supplying an endpoint not checked by the sale pickup event. Impact is described as client-side code execution ...