GHSA-873m-72g6-853g

Suggest an improvement
Source
https://github.com/advisories/GHSA-873m-72g6-853g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-873m-72g6-853g/GHSA-873m-72g6-853g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-873m-72g6-853g
Aliases
Published
2024-10-10T12:31:12Z
Modified
2024-10-14T18:39:39.804102Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
  • 6.2 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N CVSS Calculator
Summary
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Details

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.

Database specific 
{
    "nvd_published_at": "2024-10-10T10:15:03Z",
    "github_reviewed_at": "2024-10-11T19:12:07Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true
}
References

Affected packages

Packagist

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.7-beta1
Fixed
2.4.7-p3

Affected versions

2.*

2.4.7-beta1
2.4.7-beta2
2.4.7-beta3
2.4.7
2.4.7-p1
2.4.7-p2

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.6-p1
Fixed
2.4.6-p8

Affected versions

2.*

2.4.6-p1
2.4.6-p2
2.4.6-p3
2.4.6-p4
2.4.6-p5
2.4.6-p6
2.4.6-p7

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.5-p1
Fixed
2.4.5-p10

Affected versions

2.*

2.4.5-p1
2.4.5-p2
2.4.5-p3
2.4.5-p4
2.4.5-p5
2.4.5-p6
2.4.5-p7
2.4.5-p8
2.4.5-p9

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.4-p11

Affected versions

0.*

0.1.0-alpha89
0.1.0-alpha90
0.1.0-alpha91
0.1.0-alpha92
0.1.0-alpha93
0.1.0-alpha94
0.1.0-alpha95
0.1.0-alpha96
0.1.0-alpha97
0.1.0-alpha98
0.1.0-alpha99
0.1.0-alpha100
0.1.0-alpha101
0.1.0-alpha102
0.1.0-alpha103
0.1.0-alpha104
0.1.0-alpha105
0.1.0-alpha106
0.1.0-alpha107
0.1.0-alpha108
0.42.0-beta1
0.42.0-beta2
0.42.0-beta3
0.42.0-beta4
0.42.0-beta5
0.42.0-beta6
0.42.0-beta7
0.42.0-beta8
0.42.0-beta9
0.42.0-beta10
0.42.0-beta11
0.74.0-beta1
0.74.0-beta2
0.74.0-beta3
0.74.0-beta4
0.74.0-beta5
0.74.0-beta6
0.74.0-beta7
0.74.0-beta8
0.74.0-beta9
0.74.0-beta10
0.74.0-beta11
0.74.0-beta12
0.74.0-beta13
0.74.0-beta14
0.74.0-beta15
0.74.0-beta16

1.*

1.0.0-beta
1.0.0-beta2
1.0.0-beta3
1.0.0-beta4
1.0.0-beta5
1.0.0-beta6

2.*

2.0.0-rc
2.0.0-rc2
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.1.0-rc1
2.1.0-rc2
2.1.0-rc3
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.3.0
2.3.1
2.3.2
2.3.2-p2
2.3.3
2.3.3-p1
2.3.4
2.3.4-p2
2.3.5
2.3.5-p1
2.3.5-p2
2.3.6
2.3.6-p1
2.3.7
2.3.7-p1
2.3.7-p2
2.3.7-p3
2.3.7-p4
2.4.0
2.4.0-p1
2.4.1
2.4.1-p1
2.4.2
2.4.2-p1
2.4.2-p2
2.4.3
2.4.3-p1
2.4.3-p2
2.4.3-p3
2.4.4
2.4.4-p1
2.4.4-p2
2.4.4-p3
2.4.4-p4
2.4.4-p5
2.4.4-p6
2.4.4-p7
2.4.4-p8
2.4.4-p9
2.4.4-p10

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.7

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.6

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.5

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.4