diff --git a/app/code/Magento/Customer/Model/Plugin/UpdateCustomer.php b/app/code/Magento/Customer/Model/Plugin/UpdateCustomer.php
index c6207896fc55..e8d4bdaec2d2 100644
--- a/app/code/Magento/Customer/Model/Plugin/UpdateCustomer.php
+++ b/app/code/Magento/Customer/Model/Plugin/UpdateCustomer.php
@@ -52,14 +52,19 @@ public function beforeSave(
         CustomerInterface $customer,
         ?string $passwordHash = null
     ): array {
-        $customerSessionId = $this->userContext->getUserType() === $this->userContext::USER_TYPE_CUSTOMER ?
-                             (int)$this->userContext->getUserId() : 0;
+        $userType = $this->userContext->getUserType();
+        $customerSessionId = (int)$this->userContext->getUserId();
         $customerId = (int)$this->request->getParam('customerId');
         $bodyParams = $this->request->getBodyParams();
-        if (!isset($bodyParams['customer']['Id']) && $customerId) {
-            if ($customerId === $customerSessionId || $customerSessionId === 0) {
-                $customer = $this->getUpdatedCustomer($customerRepository->getById($customerId), $customer);
-            }
+
+        if ($userType === UserContextInterface::USER_TYPE_CUSTOMER &&
+            !isset($bodyParams['customer']['Id']) &&
+            $customerId &&
+            $customerId === $customerSessionId
+        ) {
+            $customer = $this->getUpdatedCustomer($customerRepository->getById($customerId), $customer);
+        } elseif ($userType === UserContextInterface::USER_TYPE_ADMIN && $customerId) {
+            $customer = $this->getUpdatedCustomer($customerRepository->getById($customerId), $customer);
         }
 
         return [$customer, $passwordHash];
diff --git a/app/code/Magento/Customer/Plugin/Webapi/Controller/Rest/ValidateCustomerData.php b/app/code/Magento/Customer/Plugin/Webapi/Controller/Rest/ValidateCustomerData.php
deleted file mode 100644
index 63551ff5a757..000000000000
--- a/app/code/Magento/Customer/Plugin/Webapi/Controller/Rest/ValidateCustomerData.php
+++ /dev/null
@@ -1,56 +0,0 @@
-<?php
-/**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
- */
-declare(strict_types=1);
-
-namespace Magento\Customer\Plugin\Webapi\Controller\Rest;
-
-use Magento\Webapi\Controller\Rest\ParamsOverrider;
-
-/**
- * Validates Customer Data
- */
-class ValidateCustomerData
-{
-    private const CUSTOMER_KEY = 'customer';
-
-    /**
-     * Before Overriding to validate data
-     *
-     * @param ParamsOverrider $subject
-     * @param array $inputData
-     * @param array $parameters
-     * @return array[]
-     *
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
-     */
-    public function beforeOverride(ParamsOverrider $subject, array $inputData, array $parameters): array
-    {
-        if (isset($inputData[self::CUSTOMER_KEY])) {
-            $inputData[self::CUSTOMER_KEY] = $this->validateInputData($inputData[self::CUSTOMER_KEY]);
-        }
-        return [$inputData, $parameters];
-    }
-
-    /**
-     * Validates InputData
-     *
-     * @param array $inputData
-     * @return array
-     */
-    private function validateInputData(array $inputData): array
-    {
-        $result = [];
-
-        $data = array_filter($inputData, function ($k) use (&$result) {
-            $key = is_string($k) ? strtolower(str_replace('_', "", $k)) : $k;
-            return !isset($result[$key]) && ($result[$key] = true);
-        }, ARRAY_FILTER_USE_KEY);
-
-        return array_map(function ($value) {
-            return is_array($value) ? $this->validateInputData($value) : $value;
-        }, $data);
-    }
-}
diff --git a/app/code/Magento/Customer/Test/Unit/Plugin/Webapi/Controller/Rest/ValidateCustomerDataTest.php b/app/code/Magento/Customer/Test/Unit/Plugin/Webapi/Controller/Rest/ValidateCustomerDataTest.php
deleted file mode 100644
index 564601e8e448..000000000000
--- a/app/code/Magento/Customer/Test/Unit/Plugin/Webapi/Controller/Rest/ValidateCustomerDataTest.php
+++ /dev/null
@@ -1,132 +0,0 @@
-<?php
-/**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
- */
-declare(strict_types=1);
-
-namespace Magento\Customer\Test\Unit\Plugin\Webapi\Controller\Rest;
-
-use Exception;
-use Magento\Customer\Plugin\Webapi\Controller\Rest\ValidateCustomerData;
-use Magento\Framework\App\ObjectManager;
-use PHPUnit\Framework\TestCase;
-use ReflectionClass;
-use Magento\Framework\TestFramework\Unit\Helper\ObjectManager as ObjectmanagerHelper;
-
-/**
- * Unit test for ValidateCustomerData plugin
- */
-class ValidateCustomerDataTest extends TestCase
-{
-
-    /**
-     * @var ValidateCustomerData
-     */
-    private $validateCustomerDataObject;
-
-    /**
-     * @var ReflectionClass
-     *
-     */
-    private $reflectionObject;
-
-    /**
-     * @inheritdoc
-     */
-    protected function setUp(): void
-    {
-        $objectManager = new ObjectmanagerHelper($this);
-        $objects = [
-            [
-                ValidateCustomerData::class,
-                $this->createMock(ValidateCustomerData::class)
-            ]
-        ];
-        $objectManager->prepareObjectManager($objects);
-        $this->validateCustomerDataObject = ObjectManager::getInstance()->get(ValidateCustomerData::class);
-        $this->reflectionObject = new ReflectionClass(get_class($this->validateCustomerDataObject));
-    }
-
-    /**
-     * Test if the customer Info is valid
-     *
-     * @param array $customerInfo
-     * @param array $result
-     * @dataProvider dataProviderInputData
-     * @throws Exception
-     */
-    public function testValidateInputData(array $customerInfo, array $result)
-    {
-        $this->assertEquals(
-            $result,
-            $this->invokeValidateInputData('validateInputData', [$customerInfo])
-        );
-    }
-
-    /**
-     * @param string $methodName
-     * @param array $arguments
-     * @return mixed
-     * @throws Exception
-     */
-    private function invokeValidateInputData(string $methodName, array $arguments = [])
-    {
-        $validateInputDataMethod = $this->reflectionObject->getMethod($methodName);
-        $validateInputDataMethod->setAccessible(true);
-        return $validateInputDataMethod->invokeArgs($this->validateCustomerDataObject, $arguments);
-    }
-
-    /**
-     * @return array
-     */
-    public static function dataProviderInputData(): array
-    {
-        return [
-            [
-                ['customer' => [
-                        'id' => -1,
-                        'Id' => 1,
-                        'name' => [
-                                'firstName' => 'Test',
-                                'LastName' => 'user'
-                            ],
-                        'isHavingOwnHouse' => 1,
-                        'address' => [
-                                'street' => '1st Street',
-                                'Street' => '3rd Street',
-                                'city' => 'London'
-                            ],
-                    ]
-                ],
-                ['customer' => [
-                        'id' => -1,
-                        'name' => [
-                                'firstName' => 'Test',
-                                'LastName' => 'user'
-                            ],
-                        'isHavingOwnHouse' => 1,
-                        'address' => [
-                                'street' => '1st Street',
-                                'city' => 'London'
-                            ],
-                    ]
-                ],
-                ['customer' => [
-                    'id' => -1,
-                    '_Id' => 1,
-                    'name' => [
-                        'firstName' => 'Test',
-                        'LastName' => 'user'
-                    ],
-                    'isHavingOwnHouse' => 1,
-                    'address' => [
-                        'street' => '1st Street',
-                        'city' => 'London'
-                    ],
-                ]
-                ],
-            ]
-        ];
-    }
-}
diff --git a/app/code/Magento/Customer/etc/webapi_rest/di.xml b/app/code/Magento/Customer/etc/webapi_rest/di.xml
index c5d7a28a3651..18627b68320e 100644
--- a/app/code/Magento/Customer/etc/webapi_rest/di.xml
+++ b/app/code/Magento/Customer/etc/webapi_rest/di.xml
@@ -31,9 +31,6 @@
             </argument>
         </arguments>
     </type>
-    <type name="Magento\Webapi\Controller\Rest\ParamsOverrider">
-        <plugin name="validateCustomerData" type="Magento\Customer\Plugin\Webapi\Controller\Rest\ValidateCustomerData" sortOrder="1" disabled="false" />
-    </type>
     <preference for="Magento\Customer\Api\AccountManagementInterface"
                 type="Magento\Customer\Model\AccountManagementApi" />
 </config>
diff --git a/app/code/Magento/Quote/Model/BillingAddressManagement.php b/app/code/Magento/Quote/Model/BillingAddressManagement.php
index 9ed4f5ecd516..066a1829625f 100644
--- a/app/code/Magento/Quote/Model/BillingAddressManagement.php
+++ b/app/code/Magento/Quote/Model/BillingAddressManagement.php
@@ -77,10 +77,6 @@ public function assign($cartId, AddressInterface $address, $useForShipping = fal
     {
         /** @var \Magento\Quote\Model\Quote $quote */
         $quote = $this->quoteRepository->getActive($cartId);
-
-        // validate the address
-        $this->addressValidator->validateWithExistingAddress($quote, $address);
-
         $address->setCustomerId($quote->getCustomerId());
         $quote->removeAddress($quote->getBillingAddress()->getId());
         $quote->setBillingAddress($address);
diff --git a/app/code/Magento/Quote/Model/QuoteAddressValidator.php b/app/code/Magento/Quote/Model/QuoteAddressValidator.php
index 5ac830d1b78c..dded1c84c3dd 100644
--- a/app/code/Magento/Quote/Model/QuoteAddressValidator.php
+++ b/app/code/Magento/Quote/Model/QuoteAddressValidator.php
@@ -121,27 +121,6 @@ public function validate(AddressInterface $addressData): bool
         return true;
     }
 
-    /**
-     * Validate Quest Address for guest user
-     *
-     * @param AddressInterface $address
-     * @param CartInterface $cart
-     * @return void
-     * @throws NoSuchEntityException
-     */
-    private function doValidateForGuestQuoteAddress(AddressInterface $address, CartInterface $cart): void
-    {
-        //validate guest cart address
-        if ($address->getId() !== null) {
-            $old = $cart->getAddressById($address->getId());
-            if ($old === false) {
-                throw new NoSuchEntityException(
-                    __('Invalid quote address id %1', $address->getId())
-                );
-            }
-        }
-    }
-
     /**
      * Validate address to be used for cart.
      *
@@ -153,9 +132,6 @@ private function doValidateForGuestQuoteAddress(AddressInterface $address, CartI
      */
     public function validateForCart(CartInterface $cart, AddressInterface $address): void
     {
-        if ($cart->getCustomerIsGuest()) {
-            $this->doValidateForGuestQuoteAddress($address, $cart);
-        }
         $this->doValidate($address, !$cart->getCustomer()->getId() ? null : (int) $cart->getCustomer()->getId());
     }
 
@@ -171,8 +147,8 @@ public function validateWithExistingAddress(CartInterface $cart, AddressInterfac
     {
         // check if address belongs to quote.
         if ($address->getId() !== null) {
-            $old = $cart->getAddressesCollection()->getItemById($address->getId());
-            if ($old === null) {
+            $old = $cart->getAddressById($address->getId());
+            if (empty($old)) {
                 throw new NoSuchEntityException(
                     __('Invalid quote address id %1', $address->getId())
                 );
diff --git a/app/code/Magento/Quote/Plugin/QuoteAddress.php b/app/code/Magento/Quote/Plugin/QuoteAddress.php
new file mode 100644
index 000000000000..53848b8ee9d6
--- /dev/null
+++ b/app/code/Magento/Quote/Plugin/QuoteAddress.php
@@ -0,0 +1,67 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Quote\Plugin;
+
+use Magento\Framework\Exception\NoSuchEntityException;
+use Magento\Quote\Model\Quote;
+use Magento\Quote\Api\Data\AddressInterface;
+use Magento\Quote\Model\QuoteAddressValidator;
+
+/**
+ * Quote address plugin
+ */
+class QuoteAddress
+{
+    /**
+     * @var QuoteAddressValidator
+     */
+    protected QuoteAddressValidator $addressValidator;
+
+    /**
+     * @param QuoteAddressValidator $addressValidator
+     */
+    public function __construct(
+        QuoteAddressValidator $addressValidator
+    ) {
+        $this->addressValidator = $addressValidator;
+    }
+
+    /**
+     * Validate address before setting billing address
+     *
+     * @param Quote $subject
+     * @param AddressInterface|null $address
+     * @return array
+     * @throws NoSuchEntityException
+     */
+    public function beforeSetBillingAddress(Quote $subject, AddressInterface $address = null): array
+    {
+        if ($address !== null) {
+            $this->addressValidator->validateWithExistingAddress($subject, $address);
+        }
+
+        return [$address];
+    }
+
+    /**
+     * Validate address before setting shipping address
+     *
+     * @param Quote $subject
+     * @param AddressInterface|null $address
+     * @return array
+     * @throws NoSuchEntityException
+     */
+    public function beforeSetShippingAddress(Quote $subject, AddressInterface $address = null): array
+    {
+        if ($address !== null) {
+            $this->addressValidator->validateWithExistingAddress($subject, $address);
+        }
+
+        return [$address];
+    }
+}
diff --git a/app/code/Magento/Quote/Plugin/ValidateQuoteOrigOrder.php b/app/code/Magento/Quote/Plugin/ValidateQuoteOrigOrder.php
new file mode 100644
index 000000000000..00bfda5738b8
--- /dev/null
+++ b/app/code/Magento/Quote/Plugin/ValidateQuoteOrigOrder.php
@@ -0,0 +1,65 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Quote\Plugin;
+
+use Magento\Framework\Exception\NoSuchEntityException;
+use Magento\Framework\Webapi\Rest\Request as RestRequest;
+use Magento\Quote\Api\CartRepositoryInterface;
+use Magento\Quote\Api\Data\CartInterface;
+use Magento\Sales\Api\OrderRepositoryInterface;
+
+/**
+ * Validate order id from request param
+ */
+class ValidateQuoteOrigOrder
+{
+    /**
+     * @var OrderRepositoryInterface
+     */
+    private $orderRepository;
+
+    /**
+     * @var RestRequest $request
+     */
+    private $request;
+
+    /**
+     * @param RestRequest $request
+     * @param OrderRepositoryInterface $orderRepository
+     */
+    public function __construct(RestRequest $request, OrderRepositoryInterface $orderRepository)
+    {
+        $this->request = $request;
+        $this->orderRepository = $orderRepository;
+    }
+
+    /**
+     * Validate the user authorization to order
+     *
+     * @param CartRepositoryInterface $cartRepository
+     * @param CartInterface $quote
+     * @return void
+     * @throws NoSuchEntityException
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function beforeSave(
+        CartRepositoryInterface $cartRepository,
+        CartInterface $quote
+    ): void {
+        $params = $this->request->getBodyParams();
+        if (!empty($params) && isset($params['quote']['orig_order_id'])) {
+            $orderId = $params['quote']['orig_order_id'];
+            $order = $this->orderRepository->get($orderId);
+            $orderCustomer = (int)$order->getCustomerId();
+            if ($quote->getCustomerId() !== $orderCustomer) {
+                throw new NoSuchEntityException(__('Please check input parameters.'));
+            }
+        }
+    }
+}
diff --git a/app/code/Magento/Quote/Plugin/Webapi/Controller/Rest/ValidateQuoteData.php b/app/code/Magento/Quote/Plugin/Webapi/Controller/Rest/ValidateQuoteData.php
deleted file mode 100644
index d27d49571e04..000000000000
--- a/app/code/Magento/Quote/Plugin/Webapi/Controller/Rest/ValidateQuoteData.php
+++ /dev/null
@@ -1,56 +0,0 @@
-<?php
-/**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
- */
-declare(strict_types=1);
-namespace Magento\Quote\Plugin\Webapi\Controller\Rest;
-
-use Magento\Webapi\Controller\Rest\ParamsOverrider;
-
-/**
- * Validates Quote Data
- */
-class ValidateQuoteData
-{
-    private const QUOTE_KEY = 'quote';
-
-    /**
-     * Before Overriding to validate data
-     *
-     * @param ParamsOverrider $subject
-     * @param array $inputData
-     * @param array $parameters
-     * @return array[]
-     *
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
-     */
-
-    public function beforeOverride(ParamsOverrider $subject, array $inputData, array $parameters): array
-    {
-        if (isset($inputData[self:: QUOTE_KEY])) {
-            $inputData[self:: QUOTE_KEY] = $this->validateInputData($inputData[self:: QUOTE_KEY]);
-        };
-        return [$inputData, $parameters];
-    }
-
-    /**
-     * Validates InputData
-     *
-     * @param array $inputData
-     * @return array
-     */
-    private function validateInputData(array $inputData): array
-    {
-        $result = [];
-
-        $data = array_filter($inputData, function ($k) use (&$result) {
-            $key = is_string($k) ? strtolower($k) : $k;
-            return !isset($result[$key]) && ($result[$key] = true);
-        }, ARRAY_FILTER_USE_KEY);
-
-        return array_map(function ($value) {
-            return is_array($value) ? $this->validateInputData($value) : $value;
-        }, $data);
-    }
-}
diff --git a/app/code/Magento/Quote/Test/Unit/Plugin/Webapi/Controller/Rest/ValidateQuoteDataTest.php b/app/code/Magento/Quote/Test/Unit/Plugin/Webapi/Controller/Rest/ValidateQuoteDataTest.php
deleted file mode 100644
index 8ed3713f546b..000000000000
--- a/app/code/Magento/Quote/Test/Unit/Plugin/Webapi/Controller/Rest/ValidateQuoteDataTest.php
+++ /dev/null
@@ -1,123 +0,0 @@
-<?php
-/**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
- */
-declare(strict_types=1);
-
-namespace Magento\Quote\Test\Unit\Plugin\Webapi\Controller\Rest;
-
-use Exception;
-use Magento\Directory\Helper\Data as DirectoryHelper;
-use Magento\Framework\App\ObjectManager;
-use Magento\Quote\Plugin\Webapi\Controller\Rest\ValidateQuoteData;
-use PHPUnit\Framework\TestCase;
-use ReflectionClass;
-
-/**
- * Unit test for ValidateQuoteData plugin
- */
-class ValidateQuoteDataTest extends TestCase
-{
-
-    /**
-     * @var ValidateQuoteData
-     */
-    private $validateQuoteDataObject;
-
-    /**
-     * @var ReflectionClass
-     *
-     */
-    private $reflectionObject;
-
-    /**
-     * @inheritdoc
-     */
-    protected function setUp(): void
-    {
-        $objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
-        $objects = [
-            [
-                ValidateQuoteData::class,
-                $this->createMock(ValidateQuoteData::class)
-            ]
-        ];
-        $objectManager->prepareObjectManager($objects);
-        $this->validateQuoteDataObject = ObjectManager::getInstance()->get(ValidateQuoteData::class);
-        $this->reflectionObject = new ReflectionClass(get_class($this->validateQuoteDataObject));
-    }
-    /**
-     * Test if the quote array is valid
-     *
-     * @param array $array
-     * @param array $result
-     * @dataProvider dataProviderInputData
-     * @throws Exception
-     */
-    public function testValidateInputData(array $array, array $result)
-    {
-        $this->assertEquals(
-            $result,
-            $this->invokeValidateInputData('validateInputData', [$array])
-        );
-    }
-
-    /**
-     * @param string $methodName
-     * @param array $arguments
-     * @return mixed
-     * @throws Exception
-     */
-    private function invokeValidateInputData(string $methodName, array $arguments = [])
-    {
-        $validateInputDataMethod = $this->reflectionObject->getMethod($methodName);
-        $validateInputDataMethod->setAccessible(true);
-        return $validateInputDataMethod->invokeArgs($this->validateQuoteDataObject, $arguments);
-    }
-
-    /**
-     * @return array
-     */
-    public static function dataProviderInputData(): array
-    {
-        return [
-            [
-                ['person' =>
-                    [
-                        'id' => -1,
-                        'Id' => 1,
-                        'name' =>
-                            [
-                                'firstName' => 'John',
-                                'LastName' => 'S'
-                            ],
-                        'isHavingVehicle' => 1,
-                        'address' =>
-                            [
-                                'street' => '4th Street',
-                                'Street' => '2nd Street',
-                                'city' => 'Atlanta'
-                            ],
-                    ]
-                ],
-                ['person' =>
-                    [
-                        'id' => -1,
-                        'name' =>
-                            [
-                                'firstName' => 'John',
-                                'LastName' => 'S'
-                            ],
-                        'isHavingVehicle' => 1,
-                        'address' =>
-                            [
-                                'street' => '4th Street',
-                                'city' => 'Atlanta'
-                            ],
-                    ]
-                ],
-            ]
-        ];
-    }
-}
diff --git a/app/code/Magento/Quote/etc/webapi_rest/di.xml b/app/code/Magento/Quote/etc/webapi_rest/di.xml
index d5893f7d16d8..a3f481bd4946 100644
--- a/app/code/Magento/Quote/etc/webapi_rest/di.xml
+++ b/app/code/Magento/Quote/etc/webapi_rest/di.xml
@@ -18,8 +18,9 @@
     </type>
     <type name="Magento\Quote\Model\Quote">
         <plugin name="updateQuoteStoreId" type="Magento\Quote\Model\Quote\Plugin\UpdateQuoteStoreId" />
+        <plugin name="validateQuoteAddress" type="Magento\Quote\Plugin\QuoteAddress" />
     </type>
-    <type name="Magento\Webapi\Controller\Rest\ParamsOverrider">
-        <plugin name="validateQuoteData" type="Magento\Quote\Plugin\Webapi\Controller\Rest\ValidateQuoteData" sortOrder="1" disabled="false" />
+    <type name="Magento\Quote\Api\CartRepositoryInterface">
+        <plugin name="quoteValidateOrderId" type="Magento\Quote\Plugin\ValidateQuoteOrigOrder"/>
     </type>
 </config>
diff --git a/app/code/Magento/Quote/i18n/en_US.csv b/app/code/Magento/Quote/i18n/en_US.csv
index 1931709c1b0e..65c12c26fc6d 100644
--- a/app/code/Magento/Quote/i18n/en_US.csv
+++ b/app/code/Magento/Quote/i18n/en_US.csv
@@ -75,3 +75,4 @@ Carts,Carts
 "Please select a valid rate limit period in seconds: %1.","Please select a valid rate limit period in seconds: %1."
 "Identity type not found","Identity type not found"
 "Invalid order backpressure limit config","Invalid order backpressure limit config"
+"Please check input parameters.","Please check input parameters."
diff --git a/app/code/Magento/Sales/Helper/Admin.php b/app/code/Magento/Sales/Helper/Admin.php
index 1e2e5dfb7966..cc6e62bc710b 100644
--- a/app/code/Magento/Sales/Helper/Admin.php
+++ b/app/code/Magento/Sales/Helper/Admin.php
@@ -160,84 +160,6 @@ public function applySalableProductTypesFilter($collection)
      */
     public function escapeHtmlWithLinks($data, $allowedTags = null)
     {
-        if (!empty($data) && is_array($allowedTags) && in_array('a', $allowedTags)) {
-            $wrapperElementId = uniqid();
-            $domDocument = $this->domDocumentFactory->create();
-
-            $internalErrors = libxml_use_internal_errors(true);
-
-            $convmap = [0x80, 0x10FFFF, 0, 0x1FFFFF];
-            $data = mb_encode_numericentity(
-                $data,
-                $convmap,
-                'UTF-8'
-            );
-
-            $domDocument->loadHTML(
-                '<html><body id="' . $wrapperElementId . '">' . $data . '</body></html>'
-            );
-
-            libxml_use_internal_errors($internalErrors);
-
-            $linkTags = $domDocument->getElementsByTagName('a');
-
-            foreach ($linkTags as $linkNode) {
-                $linkAttributes = [];
-                foreach ($linkNode->attributes as $attribute) {
-                    $linkAttributes[$attribute->name] = $attribute->value;
-                }
-
-                foreach ($linkAttributes as $attributeName => $attributeValue) {
-                    if ($attributeName === 'href') {
-                        $url = $this->filterUrl($attributeValue ?? '');
-                        $url = $this->escaper->escapeUrl($url);
-                        $linkNode->setAttribute('href', $url);
-                    } else {
-                        $linkNode->removeAttribute($attributeName);
-                    }
-                }
-            }
-
-            $result = mb_decode_numericentity(
-                // phpcs:ignore Magento2.Functions.DiscouragedFunction
-                html_entity_decode(
-                    $domDocument->saveHTML(),
-                    ENT_QUOTES|ENT_SUBSTITUTE,
-                    'UTF-8'
-                ),
-                $convmap,
-                'UTF-8'
-            );
-
-            preg_match('/<body id="' . $wrapperElementId . '">(.+)<\/body><\/html>$/si', $result, $matches);
-            $data = !empty($matches) ? $matches[1] : '';
-        }
-
         return $this->escaper->escapeHtml($data, $allowedTags);
     }
-
-    /**
-     * Filter the URL for allowed protocols.
-     *
-     * @param string $url
-     * @return string
-     */
-    private function filterUrl(string $url): string
-    {
-        if ($url) {
-            //Revert the sprintf escaping
-            // phpcs:ignore Magento2.Functions.DiscouragedFunction
-            $urlScheme = parse_url($url, PHP_URL_SCHEME);
-            $urlScheme = $urlScheme ? strtolower($urlScheme) : '';
-            if ($urlScheme !== 'http' && $urlScheme !== 'https') {
-                $url = null;
-            }
-        }
-
-        if (!$url) {
-            $url = '#';
-        }
-
-        return $url;
-    }
 }
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/comments/view.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/comments/view.phtml
index c3a7321a3052..a83202754a90 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/comments/view.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/comments/view.phtml
@@ -5,13 +5,14 @@
  */
 
 /** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
+/** @var \Magento\Framework\Escaper $escaper */
 ?>
 <?php if ($_entity = $block->getEntity()): ?>
 <div id="comments_block" class="edit-order-comments">
     <div class="order-history-block">
         <div class="admin__field field-row">
             <label class="admin__field-label"
-                   for="history_comment"><?= $block->escapeHtml(__('Comment Text')) ?></label>
+                   for="history_comment"><?= $escaper->escapeHtml(__('Comment Text')) ?></label>
             <div class="admin__field-control">
                 <textarea name="comment[comment]"
                           class="admin__control-textarea"
@@ -30,7 +31,7 @@
                                id="history_notify"
                                value="1" />
                         <label class="admin__field-label"
-                               for="history_notify"><?= $block->escapeHtml(__('Notify Customer by Email')) ?></label>
+                               for="history_notify"><?= $escaper->escapeHtml(__('Notify Customer by Email')) ?></label>
                     </div>
                 <?php endif; ?>
                 <div class="admin__field admin__field-option">
@@ -40,7 +41,7 @@
                            class="admin__control-checkbox"
                            value="1" />
                     <label class="admin__field-label"
-                           for="history_visible"> <?= $block->escapeHtml(__('Visible on Storefront')) ?></label>
+                           for="history_visible"> <?= $escaper->escapeHtml(__('Visible on Storefront')) ?></label>
                 </div>
             </div>
             <div class="order-history-comments-actions">
@@ -59,17 +60,20 @@
                     <?= /* @noEscape */ $block->formatTime($_comment->getCreatedAt(), \IntlDateFormatter::MEDIUM) ?>
                 </span>
                 <span class="note-list-customer">
-                    <?= $block->escapeHtml(__('Customer')) ?>
+                    <?= $escaper->escapeHtml(__('Customer')) ?>
                     <?php if ($_comment->getIsCustomerNotified()): ?>
-                        <span class="note-list-customer-notified"><?= $block->escapeHtml(__('Notified')) ?></span>
+                        <span class="note-list-customer-notified"><?= $escaper->escapeHtml(__('Notified')) ?></span>
                     <?php else: ?>
                         <span class="note-list-customer-not-notified">
-                            <?= $block->escapeHtml(__('Not Notified')) ?>
+                            <?= $escaper->escapeHtml(__('Not Notified')) ?>
                         </span>
                     <?php endif; ?>
                 </span>
                 <div class="note-list-comment">
-                    <?= $block->escapeHtml($_comment->getComment(), ['b', 'br', 'strong', 'i', 'u', 'a']) ?>
+                    <?= /* @noEscape */ nl2br($escaper->escapeHtml(
+                        $_comment->getComment(),
+                        ['b', 'br', 'strong', 'i', 'u', 'a']
+                    ))?>
                 </div>
             </li>
         <?php endforeach; ?>
@@ -78,7 +82,7 @@
     <?php $scriptString = <<<script
 require(['prototype'], function(){
     submitComment = function() {
-        submitAndReloadArea($('comments_block').parentNode, '{$block->escapeJs($block->getSubmitUrl())}')
+        submitAndReloadArea($('comments_block').parentNode, '{$escaper->escapeJs($block->getSubmitUrl())}')
     };
     if ($('submit_comment_button')) {
         $('submit_comment_button').observe('click', submitComment);
diff --git a/app/code/Magento/Ups/Model/Carrier.php b/app/code/Magento/Ups/Model/Carrier.php
index 091bd2b5a11c..0dd30c107a37 100644
--- a/app/code/Magento/Ups/Model/Carrier.php
+++ b/app/code/Magento/Ups/Model/Carrier.php
@@ -432,6 +432,19 @@ public function setRequest(RateRequest $request)
             $unit = $this->getConfigData('unit_of_measure');
         }
         $rowRequest->setUnitMeasure($unit);
+
+        $rowRequest->setPackageHeight($request->getPackageHeight());
+        $rowRequest->setPackageWidth($request->getPackageWidth());
+        $rowRequest->setPackageDepth($request->getPackageDepth());
+
+        if ($rowRequest->getUnitMeasure() == 'KGS') {
+            $rowRequest->setUnitDimensions('CM');
+            $rowRequest->setUnitDimensionsDescription('Centimeter');
+        } else {
+            $rowRequest->setUnitDimensions('IN');
+            $rowRequest->setUnitDimensionsDescription('Inches');
+        }
+
         $rowRequest->setIsReturn($request->getIsReturn());
         $rowRequest->setBaseSubtotalInclTax($request->getBaseSubtotalInclTax());
 
@@ -1134,6 +1147,10 @@ protected function _getRestQuotes()
             $rateParams['RateRequest']['Shipment']['Service']['Description'] = $serviceDescription;
         }
 
+        $height = $rowRequest->getPackageHeight() ?? 0;
+        $width = $rowRequest->getPackageWidth() ?? 0;
+        $length = $rowRequest->getPackageDepth() ?? 0;
+
         foreach ($rowRequest->getPackages() as $package) {
             $rateParams['RateRequest']['Shipment']['Package'][] = [
                 "PackagingType" => [
@@ -1142,12 +1159,12 @@ protected function _getRestQuotes()
                 ],
                 "Dimensions" => [
                     "UnitOfMeasurement" => [
-                        "Code" => "IN",
-                        "Description" => "Inches"
+                        "Code" => "{$rowRequest->getUnitDimensions()}",
+                        "Description" => "{$rowRequest->getUnitDimensionsDescription()}"
                     ],
-                    "Length" => "5",
-                    "Width" => "5",
-                    "Height" => "5"
+                    "Length" => "{$length}",
+                    "Width" => "{$width}",
+                    "Height" => "{$height}"
                 ],
                 "PackageWeight" => [
                     "UnitOfMeasurement" => [
diff --git a/app/code/Magento/Webapi/Controller/Rest/InputParamsResolver.php b/app/code/Magento/Webapi/Controller/Rest/InputParamsResolver.php
index fa59f1e6b3c3..35dee57678ff 100644
--- a/app/code/Magento/Webapi/Controller/Rest/InputParamsResolver.php
+++ b/app/code/Magento/Webapi/Controller/Rest/InputParamsResolver.php
@@ -138,14 +138,36 @@ public function getInputData()
                 $serviceMethodName
             );
             $inputData = array_merge($inputData, $this->request->getParams());
+            $inputData = $this->filterInputData($inputData);
         } else {
             $inputData = $this->request->getRequestData();
         }
+
         $this->validateParameters($serviceClassName, $serviceMethodName, array_keys($route->getParameters()));
 
         return $this->paramsOverrider->override($inputData, $route->getParameters());
     }
 
+    /**
+     * Validates InputData
+     *
+     * @param array $inputData
+     * @return array
+     */
+    private function filterInputData(array $inputData): array
+    {
+        $result = [];
+
+        $data = array_filter($inputData, function ($k) use (&$result) {
+            $key = is_string($k) ? strtolower(str_replace('_', "", $k)) : $k;
+            return !isset($result[$key]) && ($result[$key] = true);
+        }, ARRAY_FILTER_USE_KEY);
+
+        return array_map(function ($value) {
+            return is_array($value) ? $this->filterInputData($value) : $value;
+        }, $data);
+    }
+
     /**
      * Retrieve current route.
      *
diff --git a/dev/tests/api-functional/testsuite/Magento/Customer/Api/CustomerRepositoryTest.php b/dev/tests/api-functional/testsuite/Magento/Customer/Api/CustomerRepositoryTest.php
index 82d72105b41f..893d3538d44e 100644
--- a/dev/tests/api-functional/testsuite/Magento/Customer/Api/CustomerRepositoryTest.php
+++ b/dev/tests/api-functional/testsuite/Magento/Customer/Api/CustomerRepositoryTest.php
@@ -3,6 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
 
 namespace Magento\Customer\Api;
 
@@ -142,7 +143,7 @@ protected function tearDown(): void
     }
 
     /**
-     * Validate update by invalid customer.
+     * Validate update operation by invalid customer
      *
      */
     public function testInvalidCustomerUpdate()
@@ -152,9 +153,8 @@ public function testInvalidCustomerUpdate()
         //Create first customer and retrieve customer token.
         $firstCustomerData = $this->_createCustomer();
 
-        // get customer ID token
+        //Get customer ID token
         /** @var \Magento\Integration\Api\CustomerTokenServiceInterface $customerTokenService */
-        //$customerTokenService = $this->objectManager->create(CustomerTokenServiceInterface::class);
         $customerTokenService = Bootstrap::getObjectManager()->create(
             \Magento\Integration\Api\CustomerTokenServiceInterface::class
         );
@@ -238,11 +238,9 @@ public function testDeleteCustomer()
                 'operation' => self::SERVICE_NAME . 'DeleteById',
             ],
         ];
-        if (TESTS_WEB_API_ADAPTER == self::ADAPTER_SOAP) {
-            $response = $this->_webApiCall($serviceInfo, ['customerId' => $customerData['id']]);
-        } else {
-            $response = $this->_webApiCall($serviceInfo);
-        }
+        $response = (TESTS_WEB_API_ADAPTER === self::ADAPTER_SOAP)
+            ? $this->_webApiCall($serviceInfo, ['customerId' => $customerData['id']])
+            : $this->_webApiCall($serviceInfo);
 
         $this->assertTrue($response);
 
@@ -253,7 +251,7 @@ public function testDeleteCustomer()
     }
 
     /**
-     * Check that non authorized consumer can`t delete customer.
+     * Check that non-authorized consumer can`t delete customer.
      *
      * @return void
      */
@@ -347,10 +345,10 @@ public function testDeleteCustomerInvalidCustomerId(): void
     public function testUpdateCustomer(): void
     {
         $customerId = 1;
-        $updatedLastname = 'Updated lastname';
+        $updatedLastName = 'Updated lastname';
         $customer = $this->getCustomerData($customerId);
         $customerData = $this->dataObjectProcessor->buildOutputDataArray($customer, Customer::class);
-        $customerData[Customer::LASTNAME] = $updatedLastname;
+        $customerData[Customer::LASTNAME] = $updatedLastName;
 
         $serviceInfo = [
             'rest' => [
@@ -364,16 +362,20 @@ public function testUpdateCustomer(): void
             ],
         ];
 
-        $requestData['customer'] = TESTS_WEB_API_ADAPTER === self::ADAPTER_SOAP
+        $requestData['customer'] = (TESTS_WEB_API_ADAPTER === self::ADAPTER_SOAP)
             ? $customerData
-            : [Customer::LASTNAME => $updatedLastname];
-
+            : [
+                Customer::FIRSTNAME => $customer->getFirstname(),
+                Customer::LASTNAME => $updatedLastName,
+                Customer::EMAIL => $customer->getEmail(),
+                Customer::ID => $customerId,
+            ];
         $response = $this->_webApiCall($serviceInfo, $requestData);
         $this->assertNotNull($response);
 
         //Verify if the customer is updated
         $existingCustomerDataObject = $this->getCustomerData($customerId);
-        $this->assertEquals($updatedLastname, $existingCustomerDataObject->getLastname());
+        $this->assertEquals($updatedLastName, $existingCustomerDataObject->getLastname());
         $this->assertEquals($customerData[Customer::FIRSTNAME], $existingCustomerDataObject->getFirstname());
     }
 
diff --git a/dev/tests/api-functional/testsuite/Magento/GraphQl/Sales/RetrieveOrdersByOrderNumberTest.php b/dev/tests/api-functional/testsuite/Magento/GraphQl/Sales/RetrieveOrdersByOrderNumberTest.php
index 884b0c079e62..f2e36ee08e20 100644
--- a/dev/tests/api-functional/testsuite/Magento/GraphQl/Sales/RetrieveOrdersByOrderNumberTest.php
+++ b/dev/tests/api-functional/testsuite/Magento/GraphQl/Sales/RetrieveOrdersByOrderNumberTest.php
@@ -470,7 +470,7 @@ public function testGetCustomerDescendingSortedOrders()
   customer {
     orders(
       sort: {
-        sort_field: CREATED_AT,
+        sort_field: NUMBER,
         sort_direction: DESC
       }
     ) {
diff --git a/dev/tests/api-functional/testsuite/Magento/LoginAsCustomerAssistance/Plugin/CustomerAfterPluginTest.php b/dev/tests/api-functional/testsuite/Magento/LoginAsCustomerAssistance/Plugin/CustomerAfterPluginTest.php
index 0f69fd3cef51..3d268570fa36 100644
--- a/dev/tests/api-functional/testsuite/Magento/LoginAsCustomerAssistance/Plugin/CustomerAfterPluginTest.php
+++ b/dev/tests/api-functional/testsuite/Magento/LoginAsCustomerAssistance/Plugin/CustomerAfterPluginTest.php
@@ -77,16 +77,19 @@ public function testUpdateCustomer(int $state, bool $expected): void
     {
         $customerId = (int)$this->customerRepository->get('customer@example.com')->getId();
 
-        $updatedLastname = 'Updated lastname';
+        $updatedLastName = 'Updated lastname';
         $customer = $this->getCustomerData($customerId);
         $customerData = $this->dataObjectProcessor->buildOutputDataArray($customer, Customer::class);
-        $customerData[Customer::LASTNAME] = $updatedLastname;
+        $customerData[Customer::LASTNAME] = $updatedLastName;
         $customerData[ExtensibleDataInterface::EXTENSION_ATTRIBUTES_KEY]['assistance_allowed'] = $state;
 
-        $requestData['customer'] = TESTS_WEB_API_ADAPTER === self::ADAPTER_SOAP
+        $requestData['customer'] = (TESTS_WEB_API_ADAPTER === self::ADAPTER_SOAP)
             ? $customerData
             : [
-                Customer::LASTNAME => $updatedLastname,
+                Customer::FIRSTNAME => $customer->getFirstname(),
+                Customer::LASTNAME => $updatedLastName,
+                Customer::EMAIL => $customer->getEmail(),
+                Customer::ID => $customerId,
                 Customer::EXTENSION_ATTRIBUTES_KEY => ['assistance_allowed' => $state]
             ];
 
@@ -95,7 +98,7 @@ public function testUpdateCustomer(int $state, bool $expected): void
         $this->assertNotNull($response);
 
         $existingCustomerDataObject = $this->getCustomerData($customerId);
-        $this->assertEquals($updatedLastname, $existingCustomerDataObject->getLastname());
+        $this->assertEquals($updatedLastName, $existingCustomerDataObject->getLastname());
         $this->assertEquals($expected, $this->isAssistanceEnabled->execute($customerId));
     }
 
@@ -117,16 +120,19 @@ public function testUpdateCustomerWithLimitedResources(int $state): void
         ];
         $customerId = (int)$this->customerRepository->get('customer@example.com')->getId();
 
-        $updatedLastname = 'Updated lastname';
+        $updatedLastName = 'Updated lastname';
         $customer = $this->getCustomerData($customerId);
         $customerData = $this->dataObjectProcessor->buildOutputDataArray($customer, Customer::class);
-        $customerData[Customer::LASTNAME] = $updatedLastname;
+        $customerData[Customer::LASTNAME] = $updatedLastName;
         $customerData[ExtensibleDataInterface::EXTENSION_ATTRIBUTES_KEY]['assistance_allowed'] = $state;
 
-        $requestData['customer'] = TESTS_WEB_API_ADAPTER === self::ADAPTER_SOAP
+        $requestData['customer'] = (TESTS_WEB_API_ADAPTER === self::ADAPTER_SOAP)
             ? $customerData
             : [
-                Customer::LASTNAME => $updatedLastname,
+                Customer::FIRSTNAME => $customer->getFirstname(),
+                Customer::LASTNAME => $updatedLastName,
+                Customer::EMAIL => $customer->getEmail(),
+                Customer::ID => $customerId,
                 Customer::EXTENSION_ATTRIBUTES_KEY => ['assistance_allowed' => $state]
             ];
 
@@ -136,7 +142,7 @@ public function testUpdateCustomerWithLimitedResources(int $state): void
         $this->assertNotNull($response);
 
         $existingCustomerDataObject = $this->getCustomerData($customerId);
-        $this->assertEquals($updatedLastname, $existingCustomerDataObject->getLastname());
+        $this->assertEquals($updatedLastName, $existingCustomerDataObject->getLastname());
         $this->assertEquals(false, $this->isAssistanceEnabled->execute($customerId));
     }
 
diff --git a/dev/tests/integration/testsuite/Magento/CatalogInventory/Model/StockItemSave/OnProductUpdate/ByProductModel/ByStockItemTest.php b/dev/tests/integration/testsuite/Magento/CatalogInventory/Model/StockItemSave/OnProductUpdate/ByProductModel/ByStockItemTest.php
index a903b41ce340..255ab31c83e3 100644
--- a/dev/tests/integration/testsuite/Magento/CatalogInventory/Model/StockItemSave/OnProductUpdate/ByProductModel/ByStockItemTest.php
+++ b/dev/tests/integration/testsuite/Magento/CatalogInventory/Model/StockItemSave/OnProductUpdate/ByProductModel/ByStockItemTest.php
@@ -58,7 +58,7 @@ protected function setUp(): void
      * Test saving of stock item by product data via product model (deprecated)
      *
      * @magentoDataFixture Magento/Catalog/_files/product_simple.php
-     * @magentoDbIsolation disabled
+     * @magentoDbIsolation enabled
      */
     public function testSave()
     {
diff --git a/dev/tests/integration/testsuite/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFilesTest.php b/dev/tests/integration/testsuite/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFilesTest.php
index e92fd608fddb..65d6b3645af6 100644
--- a/dev/tests/integration/testsuite/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFilesTest.php
+++ b/dev/tests/integration/testsuite/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFilesTest.php
@@ -161,6 +161,8 @@ public static function executeDataProvider(): array
             ['name with[ bracket.jpg'],
             ['magento_small_image.jpg'],
             ['_.jpg'],
+            [' - .jpg'],
+            ['-.jpg'],
         ];
     }
 
diff --git a/dev/tests/integration/testsuite/Magento/Sales/Helper/AdminTest.php b/dev/tests/integration/testsuite/Magento/Sales/Helper/AdminTest.php
index a59e39c08183..ee78717e8e23 100644
--- a/dev/tests/integration/testsuite/Magento/Sales/Helper/AdminTest.php
+++ b/dev/tests/integration/testsuite/Magento/Sales/Helper/AdminTest.php
@@ -76,7 +76,7 @@ public static function escapeHtmlWithLinksDataProvider(): array
             ],
             [
                 '<a href=\"#\">Foo</a>',
-                '<a href="#">Foo</a>',
+                '<a href="%5C&quot;#%5C&quot;">Foo</a>',
                 'allowedTags' => ['a'],
             ],
             [
@@ -86,7 +86,7 @@ public static function escapeHtmlWithLinksDataProvider(): array
             ],
             [
                 "<a href=\"javascript&colon;alert(59)\">Foo</a>",
-                '<a href="#">Foo</a>',
+                '<a href="javascript&amp;colon;alert(59)">Foo</a>',
                 'allowedTags' => ['a'],
             ],
             [
diff --git a/lib/internal/Magento/Framework/Filesystem/Test/Unit/Directory/PathValidatorTest.php b/lib/internal/Magento/Framework/Filesystem/Test/Unit/Directory/PathValidatorTest.php
index 574a31307c28..8678850aa9c9 100644
--- a/lib/internal/Magento/Framework/Filesystem/Test/Unit/Directory/PathValidatorTest.php
+++ b/lib/internal/Magento/Framework/Filesystem/Test/Unit/Directory/PathValidatorTest.php
@@ -20,6 +20,9 @@
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 
+/**
+ * Unit Test for \Magento\Framework\Filesystem\Directory\PathValidator
+ */
 class PathValidatorTest extends TestCase
 {
     /**
diff --git a/lib/internal/Magento/Framework/Webapi/ServiceInputProcessor.php b/lib/internal/Magento/Framework/Webapi/ServiceInputProcessor.php
index cd7960409e16..df31058ff325 100644
--- a/lib/internal/Magento/Framework/Webapi/ServiceInputProcessor.php
+++ b/lib/internal/Magento/Framework/Webapi/ServiceInputProcessor.php
@@ -278,6 +278,12 @@ protected function _createFromArray($className, $data)
         // convert to string directly to avoid situations when $className is object
         // which implements __toString method like \ReflectionObject
         $className = (string) $className;
+        if (is_subclass_of($className, \SimpleXMLElement::class)
+            || is_subclass_of($className, \DOMElement::class)) {
+            throw new SerializationException(
+                new Phrase('Invalid data type')
+            );
+        }
         $class = new ClassReflection($className);
         if (is_subclass_of($className, self::EXTENSION_ATTRIBUTES_TYPE)) {
             $className = substr($className, 0, -strlen('Interface'));