184 matches found
Magento LTS vulnerable to stored XSS in admin file form
Summary OpenMage is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details MageAdminhtmlBlockSystemConfigFormFieldFile does not escape filename value in certain situations. Same...
PT-2023-33004 · Tinymce +1 · Tinymce +1
Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 20.2.0 OpenMage magento-lts versions prior to 20.2.0 Description: The TinyMCE WYSIWYG editor fails to filter scripts when rendering HTML in specially crafted HTML tags, allowing for potential exploitation. This issue...
CVE-2023-41879
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protectcode". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would...
Authentication flaw
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protectcode". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would...
CVE-2023-41879
CVE-2023-41879 affects Magento OpenMage LTS (Magento LTS) where a guest-order retrieval cookie, guest-view, contains a 6-hex-protect_code. The short entropy (24 bits) enables brute-forcing to view guest orders without authentication, exposing billing/shipping data and order items. Multiple source...
CVE-2023-41879 Magento LTS's guest order "protect code" can be brute-forced too easily
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protectcode". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would...
Magento LTS's guest order "protect code" can be brute-forced too easily
Impact Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protectcode". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. Patch...
OpenMage Magento Lts Security Feature Issue Vulnerability
OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A security signature issue vulnerability exists in OpenMage Magento Lts that originates from allowing to view visitor orders without authentication...
Remote Code Execution (RCE)
openmage/magento-lts is vulnerable to Remote Code Execution RCE. The vulnerability exists due to insufficient input validation which allows an administrator with upload file permission to create products which results in arbitrary code execution via the convert profile...
Remote Code Execution
openmage/magento-lts is vulnerable to Remote Code Execution. The vulnerability exists in the deleteDirectory function in Storage.php which allows an attacker to delete arbitrary files and execute arbitrary code into the server...
Remote Code Execution (RCE)
openmage/magento-lts is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the lack of validation in the $this, $callback, and $alias parameters in the getChildGroup function of Abstract.php, allowing an attacker to bypass the block blacklist and inject and execute malicious...
Denial Of Service (DoS)
openmage/magento-lts is vulnerable to Denial Of Service DoS. The vulnerability exists in the filter function of MaliciousCode.php, allowing an attacker to cause an application crash through an infinite loop by providing malicious input...
CVE-2023-23617
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds...
Code injection
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds...
CVE-2023-23617 OpenMage LTS has DoS vulnerability in MaliciousCode filter
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds...
CVE-2023-23617 OpenMage LTS has DoS vulnerability in MaliciousCode filter
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds...
CVE-2023-23617
OpenMage LTS (OpenMage Magento LTS) is affected by CVE-2023-23617. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in the MaliciousCode filter under certain conditions, enabling a Denial of Service. The fixed releases are 19.4.22 and 20.0.19, which address this issue. Other connect...
CVE-2023-23617 OpenMage LTS has DoS vulnerability in MaliciousCode filter
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds...
CVE-2021-41231
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...
CVE-2021-41231
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...