magento/community-edition is vulnerable to cross-site scripting (XSS). Lack of sanitization of user-provided parameters allow an injection of malicious script which will be executed when the vulnerable page is loaded.
CPE | Name | Operator | Version |
---|---|---|---|
magento/community-edition | eq | 2.3.5 | |
magento/community-edition | le | 2.2.11 | |
magento/community-edition | le | 2.3.4 |
devdocs.magento.com/guides/v2.3/release-notes/bk-release-notes.html
devdocs.magento.com/guides/v2.3/release-notes/release-notes-2-3-5-commerce.html
github.com/magento/magento2/commit/6e36d5e605e07d3a0f773de1a98884f75430aaf5
github.com/magento/magento2/issues/25050
helpx.adobe.com/security/products/magento/apsb20-22.html