CVE-2019-8148

Name of the Vulnerable Software and Affected Versions Magento 2.3 versions prior to 2.3.3 Magento 2.3 versions prior to 2.3.2-p1

Description A stored cross-site scripting (XSS) issue exists, allowing an authenticated admin user to inject arbitrary JavaScript code when creating a content page via the page builder.

Recommendations For Magento 2.3 versions prior to 2.3.3, update to version 2.3.3 or later. For Magento 2.3 versions prior to 2.3.2-p1, update to version 2.3.2-p1 or later, then promptly upgrade to 2.3.2-p2.