ASA-2019-00176 – Magento: SQL Injection and Stored Cross-Site Scripting (XSS) vulnerability in Catalog section

An authenticated user can embed malicious code through a Stored Cross-Site Scripting vulnerability (XSS) or an SQL Injection vulnerability in the Catalog section by manipulating attribute_code.