GHSA-27v2-398x-f74x

Source

https://github.com/advisories/GHSA-27v2-398x-f74x

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-27v2-398x-f74x/GHSA-27v2-398x-f74x.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-27v2-398x-f74x

Aliases

CVE-2015-2068

Published

2022-05-13T01:25:28Z

Modified

2024-12-06T05:38:58.390228Z

Summary

MAGMI cross-site scripting (XSS)

Details

Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERYSTRING to web/magmiimport_run.php.

Database specific

{
    "nvd_published_at": "2015-02-24T17:59:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T18:40:37Z"
}

References

Affected packages

Packagist / dweeves/magmi

Package

Name: dweeves/magmi
Purl: pkg:composer/dweeves/magmi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.22

Affected versions

0.*

0.7.19a

0.7.19

0.7.20

0.7.21