CVE-2019-8157
Magento 2.2.x before 2.2.10 and 2.3.x before 2.3.3 or 2.3.2-p1 are affected by a stored XSS vulnerability. An authenticated user can manipulate a downloadable link, triggering error handling that accesses unsanitized user input. This leads to stored cross-site scripting and potential data exposur...