Lucene search

GitHub Advisory DatabaseGHSA-XC4P-J89C-P7X5

HistoryMay 24, 2022 - 5:24 p.m.

Magento stored cross-site scripting vulnerability

2022-05-2417:24:11

CWE-79

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.3%

JSON

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
A patch SUPEE-11346 is available at Magento Open Source Download Page > Release Archive Tab > Magento Open Source Patches - 1.x Section

Affected configurations

Vulners

Node

magentoadvanced_newsletterRange≤1.9.4.5magento

CPENameOperatorVersion
magento/corele1.9.4.5

CPE	Name	Operator	Version
	magento/core	le	1.9.4.5

References

github.com/advisories/GHSA-xc4p-j89c-p7x5

helpx.adobe.com/security/products/magento/apsb20-41.html

nvd.nist.gov/vuln/detail/CVE-2020-9665

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.3%

JSON

Related for GHSA-XC4P-J89C-P7X5