Описание
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Пакеты
magento/community-edition
>= 2.4.7-beta1, < 2.4.7-p3
2.4.7-p3
magento/community-edition
>= 2.4.6-p1, < 2.4.6-p8
2.4.6-p8
magento/community-edition
>= 2.4.5-p1, < 2.4.5-p10
2.4.5-p10
magento/community-edition
< 2.4.4-p11
2.4.4-p11
magento/community-edition
= 2.4.7
Отсутствует
magento/community-edition
= 2.4.6
Отсутствует
magento/community-edition
= 2.4.5
Отсутствует
magento/community-edition
= 2.4.4
Отсутствует
Связанные уязвимости
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source, Adobe Commerce и Adobe Commerce B2B, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код