
4 matches found

GitHub Security Blog
added 2022/05/24 5:41 p.m. · 31 views

Magento XPath Injection

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful...

CVSS 9.1 · AI score 7.9 · EPSS 0.03269
Exploits: 0 · References: 3 · Affected Software: 2
OSV
added 2022/05/24 5:41 p.m. · 22 views

GHSA-H437-QJJ9-VMQ4 Magento XPath Injection

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful...

CVSS 9.1 · AI score 8.9 · EPSS 0.03269
Exploits: 0 · References: 3
OSV
added 2021/02/11 8:15 p.m. · 25 views

CVE-2021-21025

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful...

CVSS 9.1 · AI score 7.5
Exploits: 0 · References: 1
Positive Technologies
added 2021/02/09 12:0 a.m. · 4 views

PT-2021-2310 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier; Magento versions 2.4.0-p1 and earlier; Magento versions 2.3.6 and earlier. Description: The issue concerns XML injection in the product layout updates of Magento. Successful exploitation could lead to arbitrar...

CVSS 9.1 · AI score 9.4 · EPSS 0.03269
Exploits: 0 · References: 10