Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
References: GSA_kwCzR0hTQS02ODl3LTJmOTMtMng2N84AAlKJ
Magento stored cross-site scripting vulnerability
| Affected Packages | Affected Versions | Fixed Versions |
|---|---|---|
| packagist:magento/community-edition | < 2.3.4-p2 | 2.3.4-p2 |
| packagist:magento/core | < 1.9.4.5 | 1.9.4.5 |

Affected Version Ranges (packagist:magento/community-edition)

All affected versions: 0.1.0-alpha89, 0.1.0-alpha90, 0.1.0-alpha91, 0.1.0-alpha92, 0.1.0-alpha93, 0.1.0-alpha94, 0.1.0-alpha95, 0.1.0-alpha96, 0.1.0-alpha97, 0.1.0-alpha98, 0.1.0-alpha99, 0.1.0-alpha100, 0.1.0-alpha101, 0.1.0-alpha102, 0.1.0-alpha103, 0.1.0-alpha104, 0.1.0-alpha105, 0.1.0-alpha106, 0.1.0-alpha107, 0.1.0-alpha108, 0.42.0-beta1, 0.42.0-beta2, 0.42.0-beta3, 0.42.0-beta4, 0.42.0-beta5, 0.42.0-beta6, 0.42.0-beta7, 0.42.0-beta8, 0.42.0-beta9, 0.42.0-beta10, 0.42.0-beta11, 0.74.0-beta1, 0.74.0-beta2, 0.74.0-beta3, 0.74.0-beta4, 0.74.0-beta5, 0.74.0-beta6, 0.74.0-beta7, 0.74.0-beta8, 0.74.0-beta9, 0.74.0-beta10, 0.74.0-beta11, 0.74.0-beta12, 0.74.0-beta13, 0.74.0-beta14, 0.74.0-beta15, 0.74.0-beta16, 1.0.0-beta, 1.0.0-beta2, 1.0.0-beta3, 1.0.0-beta4, 1.0.0-beta5, 1.0.0-beta6, 2.0.0, 2.0.0-rc, 2.0.0-rc2, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.1.0, 2.1.0-rc1, 2.1.0-rc2, 2.1.0-rc3, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3.0, 2.3.1, 2.3.2, 2.3.2-p2, 2.3.3, 2.3.3-p1

All unaffected versions: 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8