Lucene search
Veracode Vulnerability DatabaseVERACODE:25782HistoryJun 29, 2020 - 5:27 a.m.
Cross-Site Scripting (XSS)
2020-06-2905:27:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.001 Low
EPSS
Percentile
28.0%
magento/community-edition is vulnerable to cross-site scripting (XSS). Lack of sanitization of user-provided parameters allow an injection of malicious script which will be executed when the vulnerable page is loaded.
| CPE | Name | Operator | Version |
|---|---|---|---|
| magento/community-edition | eq | 2.3.5 | |
| magento/community-edition | le | 2.2.11 | |
| magento/community-edition | le | 2.3.4 |
References
devdocs.magento.com/guides/v2.3/release-notes/bk-release-notes.html
devdocs.magento.com/guides/v2.3/release-notes/release-notes-2-3-5-commerce.html
github.com/magento/magento2/commit/6e36d5e605e07d3a0f773de1a98884f75430aaf5
github.com/magento/magento2/issues/25050
helpx.adobe.com/security/products/magento/apsb20-22.html
Related
osv
osv
CVE-2020-9584
2020-06-26 21:15:17
Magento Stored cross-site scripting
2022-05-24 17:21:49
BIT-magento-2020-9584
2024-03-06 11:04:22
cve
cve
CVE-2020-9584
2020-06-26 21:15:17
cvelist
cvelist
CVE-2020-9584
2020-06-26 20:18:59
prion
prion
Cross site scripting
2020-06-26 21:15:00
github
github
Magento Stored cross-site scripting
2022-05-24 17:21:49
nvd
nvd
CVE-2020-9584
2020-06-26 21:15:17
openvas
openvas
Magento Multiple Vulnerabilities (APSB20-22)
2020-05-04 00:00:00
adobe
adobe
APSB20-22 Security updates available for Magento
2020-04-28 00:00:00