Content Deep Dive

Magento 2.3.1: Unauthenticated Stored XSS to RCE

Blog post from Sonar

Post Details
Company: Sonar
Author: Simon Scannell
Word Count: 1,725
Language: English
Hacker News Points: -
Summary

A successful attack on a Magento store enables an unauthenticated adversary to persistently inject a JavaScript payload into the administrator backend, where it runs exploit steps automatically in the browser of a victim administrator. This vulnerability can be chained with another authentication bypass, resulting in a full takeover of the store by the attacker. The vulnerabilities are linked to the Authorize.Net payment module and affect the many Magento stores that use it. The severity of these issues is rated as high because they can be exploited without prior knowledge of, or access to, the store. An unauthenticated Stored XSS vulnerability can be chained with an authenticated Phar Deserialization vulnerability, making mass exploitation on a large scale possible. The exploitation relies on several sanitization and logic flaws in Magento. It is highly recommended that all users update to the latest Magento version to fix these vulnerabilities.