Lucene search
+L

5 matches found

osv
osv
added 2024/02/27 9:47 p.m.62 views

GHSA-GP6M-FQ6H-CJCX Magento LTS vulnerable to stored XSS in admin file form

Summary OpenMage is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details MageAdminhtmlBlockSystemConfigFormFieldFile does not escape filename value in certain situations. Same...

5.4CVSS5.4AI score0.00442EPSS
Exploits0References3
github
github
added 2024/02/27 9:47 p.m.85 views

Magento LTS vulnerable to stored XSS in admin file form

Summary OpenMage is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details MageAdminhtmlBlockSystemConfigFormFieldFile does not escape filename value in certain situations. Same...

5.4CVSS5.4AI score0.00442EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2024/02/15 1:39 p.m.26 views

CVE-2024-20717 Stored admin XSS via PayPal authentication certificate

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...

5.4CVSS5.3AI score0.00442EPSS
Exploits0References1
cve
cve
added 2024/02/15 1:39 p.m.123 views

CVE-2024-20717

CVE-2024-20717 corresponds to a stored XSS vulnerability in Adobe Commerce/Magento Open Source, affecting versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier. The issue stems from Mage_Adminhtml_Block_System_Config_Form_Field_File not escaping the filename in certain conditions, allowing low-privil...

5.4CVSS5AI score0.00442EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2024/02/15 1:39 p.m.35 views

CVE-2024-20717 Stored admin XSS via PayPal authentication certificate

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...

5.4CVSS5.2AI score0.00442EPSS
Exploits0References1
Rows per page
Query Builder