Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-5632-wq7m-gfq9

GitHub Security Advisory

Magento Open Source Cross-Site Scripting (XSS) vulnerability

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Affected Packages

Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Affected versions: 2.4.6-p1 (fixed in 2.4.6-p6)
Packagist magento/community-edition
Affected versions: 2.4.5-p1 (fixed in 2.4.5-p8)
Packagist magento/community-edition
Affected versions: 0 (fixed in 2.4.4-p9)

Related CVEs

CVE-2024-34105

Key Information

GHSA ID
GHSA-5632-wq7m-gfq9
Published
June 13, 2024 9:31 AM
Last Modified
August 7, 2024 5:43 PM
CVSS Score
5.0 /10
Primary Ecosystem
Packagist
Primary Package
magento/community-edition
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.