CVE-2024-41676 Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs

🗓️ 29 Jul 2024 14:26:46Reported by GitHub_MType

Magento LTS XSS vulnerability in admin system config

Reporter	Title	Published	Views	Family All 7
Vulnrichment	CVE-2024-41676 Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs	29 Jul 202414:46	–	vulnrichment
NVD	CVE-2024-41676	29 Jul 202415:15	–	nvd
Veracode	Cross-site Scripting (XSS)	30 Jul 202417:41	–	veracode
Github Security Blog	Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs	29 Jul 202416:38	–	github
OSV	CVE-2024-41676	29 Jul 202415:15	–	osv
OSV	GHSA-5VRP-638W-P8M2 Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs	29 Jul 202416:38	–	osv
CVE	CVE-2024-41676	29 Jul 202415:15	–	cve

[
  {
    "vendor": "OpenMage",
    "product": "magento-lts",
    "versions": [
      {
        "version": "< 20.10.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948
github	www.github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 Jul 2024 14:46Current

CVSS34.1

EPSS0.00045

CWE-79