Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities

2024-05-1522:34:08

Google

osv.dev

magento

security enhancements

rce

xss

vulnerabilities

7.1 High

AI Score

Confidence

High

JSON

Magento Commerce and Open Source 2.2.5 and 2.1.14 contain multiple security enhancements that help close authenticated Admin user remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities.

CPENameOperatorVersion
magento/community-editioneq2.1.0
magento/community-editioneq2.1.10
magento/community-editioneq2.1.7
magento/community-editioneq2.1.1
magento/community-editioneq2.1.0-rc3
magento/community-editioneq2.1.0-rc1
magento/community-editioneq2.1.2
magento/community-editioneq2.2.4
magento/community-editioneq2.2.2
magento/community-editioneq2.1.0-rc2

Name	Operator	Version
magento/community-edition	eq	2.1.0
magento/community-edition	eq	2.1.10
magento/community-edition	eq	2.1.7
magento/community-edition	eq	2.1.1
magento/community-edition	eq	2.1.0-rc3
magento/community-edition	eq	2.1.0-rc1
magento/community-edition	eq	2.1.2
magento/community-edition	eq	2.2.4
magento/community-edition	eq	2.2.2
magento/community-edition	eq	2.1.0-rc2

Rows per page:

1-10 of 221

References

github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/2018-06-27.yaml

github.com/magento/magento2

web.archive.org/web/20210802091126/https://magento.com/security/patches/magento-2.2.5-and-2.1.14-security-update

7.1 High

AI Score

Confidence

High

JSON