Описание
Magento XSS Vulnerability
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.
Пакеты
Наименование
magento/core
composer
Затронутые версииВерсия исправления
< 1.9.4.3
1.9.4.3
Связанные уязвимости
CVSS3: 4.8
nvd
больше 6 лет назад
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.