Headline
GHSA-88x2-cq34-5fwc: Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-45123
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Moderate severity GitHub Reviewed Published Oct 10, 2024 to the GitHub Advisory Database • Updated Oct 11, 2024
Package
composer magento/community-edition (Composer)
Affected versions
>= 2.4.7-beta1, < 2.4.7-p3
>= 2.4.6-p1, < 2.4.6-p8
>= 2.4.5-p1, < 2.4.5-p10
< 2.4.4-p11
= 2.4.7
= 2.4.6
= 2.4.5
= 2.4.4
Patched versions
2.4.7-p3
2.4.6-p8
2.4.5-p10
2.4.4-p11
Published to the GitHub Advisory Database
Oct 10, 2024
Last updated
Oct 11, 2024