Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-9j5w-2cqc-cwj9: Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor

From HackerOne report #1948040 by Halit AKAYDIN (hltakydn)

Impact

What kind of vulnerability is it? Who is impacted?

The TinyMCE WYSIWYG editor fails to filter scripts when rendering the HTML in specially crafted HTML tags.

Patches

Has the problem been patched? What versions should users upgrade to?

This vulnerability was fixed in version 20.2.0 by upgrading TinyMCE to a recent version in https://github.com/OpenMage/magento-lts/pull/3220

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

The WYSIWYG editor features could be disabled in the configuration. Possibly some WAF appliances would filter this attack.

References

Are there any links users can visit to find out more?

The attack is simply an exploit of the “onmouseover” attribute of an img element as described on OWASP XSS Filter Evasion

ghsa
#xss#vulnerability#git

From HackerOne report #1948040 by Halit AKAYDIN (hltakydn)

Impact

What kind of vulnerability is it? Who is impacted?

The TinyMCE WYSIWYG editor fails to filter scripts when rendering the HTML in specially crafted HTML tags.

Patches

Has the problem been patched? What versions should users upgrade to?

This vulnerability was fixed in version 20.2.0 by upgrading TinyMCE to a recent version in OpenMage/magento-lts#3220

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

The WYSIWYG editor features could be disabled in the configuration. Possibly some WAF appliances would filter this attack.

References

Are there any links users can visit to find out more?

The attack is simply an exploit of the “onmouseover” attribute of an img element as described on OWASP XSS Filter Evasion

References

  • GHSA-9j5w-2cqc-cwj9
  • OpenMage/magento-lts#3220
  • https://hackerone.com/reports/1948040
  • https://github.com/OpenMage/magento-lts/releases/tag/v20.2.0

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails