18 matches found
CVE-2026-42458
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...
CVE-2026-40098
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public...
CVE-2026-25524
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as getimagesize, fileexists, and isreadable can trigger...
CVE-2026-42207
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...
CVE-2026-42458
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...
CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...
magento-lts 安全漏洞
Magento LTS is an open-source alternative to OpenMage, and it’s a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities; these vulnerabilities stemmed from reflection-type cross-site scripting vulnerabilities in the data...
PT-2026-33796
Name of the Vulnerable Software and Affected Versions Magento Long Term Support LTS versions prior to 20.17.0 Description PHP functions such as getimagesize, file exists, and is readable can trigger deserialization when processing phar:// stream wrapper paths. The software uses these functions wi...
CVE-2026-25523
Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...
EUVD-2026-5330
Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...
magento-lts 信息泄露漏洞
Magento-LTS is an open-source alternative to OpenMage, designed as a reliable substitute for the official Magento CE version. Versions of Magento-LTS prior to 20.16.1 contained an information leakage vulnerability. This vulnerability stemmed from the ability to exploit the X-Original-Url header...
magento-lts 安全漏洞
magento-lts is an OpenMage open source reliable replacement for the official version of Magento CE. A security vulnerability exists in magento-lts version 20.15.0 and earlier, which stems from unescaped translation strings and URLs being printed to a specific context, potentially leading to a...
PT-2025-44806
Name of the Vulnerable Software and Affected Versions Magento-lts versions 20.15.0 and below OpenMage versions 20.15.0 and earlier Description Magento-lts and OpenMage are affected by a stored Cross-Site Scripting XSS issue. An administrator with direct database access or access to the admin...
EUVD-2025-5563
Malicious code in bioql PyPI...
CVE-2025-27400
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...
CVE-2025-27400
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...
CVE-2025-27400
Summary: CVE-2025-27400 affects OpenMage/magento-lts (Magento LTS) with a stored XSS in the admin panel via the Design > Themes > Skin (Images / CSS) config field. Affected versions: prior to 20.12.3 and prior to 20.13.0 contain the vulnerability (one source notes 20.13.1 as patched in some...
CVE-2025-27400 Magento vulnerable to stored XSS in theme config fields
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...