CVE-2020-24408

🗓️ 16 Oct 2020 14:03:11Reported by adobeType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 119 Views

Magento 2.4.0, 2.3.5p1 & earlier allow persistent XSS via file uploa

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2020-24408	15 Oct 202023:00	–	attackerkb
CNVD	Adobe Magento Cross-Site Scripting Vulnerability	19 Oct 202000:00	–	cnvd
Cvelist	CVE-2020-24408 Stored XSS in customer address upload feature	16 Oct 202014:03	–	cvelist
EUVD	EUVD-2022-4461	3 Oct 202520:07	–	euvd
Github Security Blog	Magento 2 Community Edition XSS Vulnerability	24 May 202217:31	–	github
NVD	CVE-2020-24408	16 Oct 202015:15	–	nvd
OpenVAS	Magento < 2.3.6, 2.4.x < 2.4.1 Multiple Vulnerabilities (APSB20-59)	23 Oct 202000:00	–	openvas
OSV	BIT-MAGENTO-2020-24408 Stored XSS in customer address upload feature	6 Mar 202411:07	–	osv
OSV	GHSA-JXJC-6XMH-H7MG Magento 2 Community Edition XSS Vulnerability	24 May 202217:31	–	osv
Prion	Cross site scripting	16 Oct 202015:15	–	prion

NVD

Vulners

Node

magento magentoRange≤2.3.4commerce

magento magentoRange≤2.3.4open_source

magento magentoMatch2.3.5-commerce

magento magentoMatch2.3.5-open_source

magento magentoMatch2.3.5p1commerce

magento magentoMatch2.3.5p1open_source

magento magentoMatch2.4.0commerce

magento magentoMatch2.4.0open_source

[
  {
    "product": "Magento Commerce",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "2.4.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.3.5p1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "None",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
helpx	www.helpx.adobe.com/security/products/magento/apsb20-59.html

21 Nov 2024 05:14Current

6.2Medium risk

Vulners AI Score6.2

CVSS 24.3

CVSS 3.16.1

EPSS0.01321

CWE-79