GHSA-29mr-gr4c-vf9c
GitHub Security Advisory
Magento 2 Community Edition XSS Vulnerability
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when adding an image for during simple product creation.
Affected Packages
Packagist
magento/community-edition
Affected versions:
2.2.0
(fixed in 2.2.10)
Packagist
magento/community-edition
Affected versions:
2.3.0
(fixed in 2.3.2-p1)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: July 1, 2025 6:26 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.