5 matches found
GHSA-GP6M-FQ6H-CJCX Magento LTS vulnerable to stored XSS in admin file form
Summary OpenMage is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details MageAdminhtmlBlockSystemConfigFormFieldFile does not escape filename value in certain situations. Same...
Magento LTS vulnerable to stored XSS in admin file form
Summary OpenMage is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details MageAdminhtmlBlockSystemConfigFormFieldFile does not escape filename value in certain situations. Same...
CVE-2024-20717 Stored admin XSS via PayPal authentication certificate
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...
CVE-2024-20717
CVE-2024-20717 corresponds to a stored XSS vulnerability in Adobe Commerce/Magento Open Source, affecting versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier. The issue stems from Mage_Adminhtml_Block_System_Config_Form_Field_File not escaping the filename in certain conditions, allowing low-privil...
CVE-2024-20717 Stored admin XSS via PayPal authentication certificate
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...