CVE-2024-41676

Magento LTS (OpenMage Magento-lts) is affected by an XSS in system config fields design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt due to missing escaping. The issue allows input of arbitrary HTML/JavaScript and is mitigated by upgrading to ve...