CVE-2020-9691

Name of the Vulnerable Software and Affected Versions Magento versions 2.3.5-p1 and earlier

Description The issue is related to the lack of protection of the web page structure in Magento Commerce, a platform for developing and managing online stores. This could allow a remote attacker to execute arbitrary code in the context of the current user. The vulnerability is a DOM-based cross-site scripting issue, which could lead to arbitrary code execution if successfully exploited.

Recommendations For Magento versions 2.3.5-p1 and earlier, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.