GHSA-52fg-wjxm-pp44

Suggest an improvement
Source
https://github.com/advisories/GHSA-52fg-wjxm-pp44
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-52fg-wjxm-pp44/GHSA-52fg-wjxm-pp44.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-52fg-wjxm-pp44
Aliases
Published
2024-08-14T12:35:01Z
Modified
2025-11-06T17:42:40.498163Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
Summary
Magento DOM-based Cross-Site Scripting (XSS) vulnerability
Details

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.

Database specific 
{
    "nvd_published_at": "2024-08-14T12:15:24Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed_at": "2025-11-06T17:21:44Z",
    "severity": "HIGH",
    "github_reviewed": true
}
References

Affected packages

Packagist

magento/project-community-edition

Package

Name
magento/project-community-edition
Purl
pkg:composer/magento/project-community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
2.0.2

Affected versions

0.*

0.1.0-alpha89
0.1.0-alpha90
0.1.0-alpha91
0.1.0-alpha92
0.1.0-alpha93
0.1.0-alpha94
0.1.0-alpha95
0.1.0-alpha96
0.1.0-alpha97
0.1.0-alpha98
0.1.0-alpha99
0.1.0-alpha100
0.1.0-alpha101
0.1.0-alpha102
0.1.0-alpha103
0.1.0-alpha104
0.1.0-alpha105
0.1.0-alpha106
0.1.0-alpha107
0.1.0-alpha108
0.42.0-beta1
0.42.0-beta2
0.42.0-beta3
0.42.0-beta4
0.42.0-beta5
0.42.0-beta6
0.42.0-beta7
0.42.0-beta8
0.42.0-beta9
0.42.0-beta10
0.42.0-beta11
0.74.0-beta1
0.74.0-beta2
0.74.0-beta3
0.74.0-beta4
0.74.0-beta5
0.74.0-beta6
0.74.0-beta7
0.74.0-beta8
0.74.0-beta9
0.74.0-beta10
0.74.0-beta11
0.74.0-beta12
0.74.0-beta13
0.74.0-beta14
0.74.0-beta15
0.74.0-beta16

1.*

1.0.0-beta

2.*

2.0.0-rc
2.0.0-rc2
2.0.0
2.0.1
2.0.2

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.7-beta1
Fixed
2.4.7-p2

Affected versions

2.*

2.4.7-beta1
2.4.7-beta2
2.4.7-beta3
2.4.7
2.4.7-p1

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.6-p1
Fixed
2.4.6-p7

Affected versions

2.*

2.4.6-p1
2.4.6-p2
2.4.6-p3
2.4.6-p4
2.4.6-p5
2.4.6-p6

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.5-p1
Fixed
2.4.5-p9

Affected versions

2.*

2.4.5-p1
2.4.5-p2
2.4.5-p3
2.4.5-p4
2.4.5-p5
2.4.5-p6
2.4.5-p7
2.4.5-p8

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.4-p1
Fixed
2.4.4-p10

Affected versions

2.*

2.4.4-p1
2.4.4-p2
2.4.4-p3
2.4.4-p4
2.4.4-p5
2.4.4-p6
2.4.4-p7
2.4.4-p8
2.4.4-p9

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.7

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.6

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.5

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.4