CVE-2019-8153

Name of the Vulnerable Software and Affected Versions Magento 2.2 versions prior to 2.2.10 Magento 2.3 versions prior to 2.3.3 Magento 2.3 version 2.3.2-p1

Description A mitigation bypass to prevent cross-site scripting (XSS) exists, allowing an attacker to bypass the escapeURL() function and execute a malicious XSS payload.

Recommendations For Magento 2.2 versions prior to 2.2.10, upgrade to version 2.2.10 or later. For Magento 2.3 versions prior to 2.3.3, upgrade to version 2.3.3 or later. For Magento 2.3 version 2.3.2-p1, upgrade to version 2.3.2-p2.