Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-3j7w-jp46-9752

GitHub Security Advisory

Magento Open Source allows Cross-Site Scripting (XSS)

✓ GitHub Reviewed LOW Has CVE
View on GitHub

Advisory Details

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.

Affected Packages

Packagist magento/community-edition
Affected versions: 2.4.7-beta1 (fixed in 2.4.7-beta2)
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Affected versions: 2.4.6-p1 (fixed in 2.4.6-p3)
Packagist magento/community-edition
Affected versions: 2.4.5-p1 (fixed in 2.4.5-p5)
Packagist magento/community-edition
Affected versions: 2.4.4-p1 (fixed in 2.4.4-p6)
Packagist magento/project-community-edition
Affected versions: 0 (last affected: 2.0.2)

Related CVEs

CVE-2023-38219

Key Information

GHSA ID
GHSA-3j7w-jp46-9752
Published
October 13, 2023 9:30 AM
Last Modified
March 4, 2025 6:24 PM
CVSS Score
2.5 /10
Primary Ecosystem
Packagist
Primary Package
magento/community-edition
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.