CVE-2019-8229
CVE-2019-8229 affects Magento: prior to 1.9.4.3 and prior to 1.14.4.3, an authenticated admin who can edit product attributes can execute arbitrary code via crafted layout updates. Impact per sources includes high/critical in CVSS metrics. Remediation is available: apply the Magento patch SUPEE-1...