Описание
Magento Open Source allows Cross-Site Scripting (XSS)
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.
Пакеты
magento/community-edition
= 2.4.6
Отсутствует
magento/community-edition
= 2.4.5
Отсутствует
magento/community-edition
= 2.4.4
Отсутствует
magento/community-edition
>= 2.4.6-p1, < 2.4.6-p4
2.4.6-p4
magento/community-edition
>= 2.4.5-p1, < 2.4.5-p6
2.4.5-p6
magento/community-edition
>= 2.4.4-p1, < 2.4.4-p7
2.4.4-p7
magento/project-community-edition
<= 2.0.2
Отсутствует
Связанные уязвимости
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.
Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source и Adobe Commerce, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код