5 matches found
Magento LTS vulnerable to stored XSS in admin file form
Summary OpenMage is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details MageAdminhtmlBlockSystemConfigFormFieldFile does not escape filename value in certain situations. Same...
GHSA-GP6M-FQ6H-CJCX Magento LTS vulnerable to stored XSS in admin file form
Summary OpenMage is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details MageAdminhtmlBlockSystemConfigFormFieldFile does not escape filename value in certain situations. Same...
CVE-2024-20717 Stored admin XSS via PayPal authentication certificate
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...
CVE-2024-20717 Stored admin XSS via PayPal authentication certificate
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...
CVE-2024-20717
CVE-2024-20717 corresponds to a stored XSS vulnerability in Adobe Commerce/Magento Open Source, affecting versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier. The issue stems from Mage_Adminhtml_Block_System_Config_Form_Field_File not escaping the filename in certain conditions, allowing low-privil...