CVE-2021-24323 – Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2021-24323

21 Apr 2021 — When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled Cuando la opción taxes está habilitada, el campo "Additional tax classes" no es saneado apropiadamente antes de ser devuelto en el panel de administración, permitiendo a usuarios con altos privilegios, tales como el administrador, usar cargas útiles XSS inclus... • https://wpscan.com/vulnerability/6d262555-7ae4-4e36-add6-4baa34dc3010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •