Описание
Withdrawn Advisory: Magento 2 Community Edition XSS Vulnerability
Withdrawn Advisory
This advisory has been withdrawn because the vulnerability does not affect a package in one of the GitHub Advisory Database's supported ecosystems. This link is maintained to preserve external references.
Original Description
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.
Пакеты
magento/community-edition
< 1.9.4.3
1.9.4.3
Связанные уязвимости
in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.