GHSA-c89g-gq5r-2xw2
GitHub Security Advisory
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Affected Packages
Packagist
magento/community-edition
Affected versions:
2.4.7-beta1
(fixed in 2.4.7-p3)
Packagist
magento/community-edition
Affected versions:
2.4.6-p1
(fixed in 2.4.6-p8)
Packagist
magento/community-edition
Affected versions:
2.4.5-p1
(fixed in 2.4.5-p10)
Packagist
magento/community-edition
Affected versions:
0
(fixed in 2.4.4-p11)
Packagist
magento/community-edition
Packagist
magento/community-edition
Packagist
magento/community-edition
Packagist
magento/community-edition
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: August 1, 2025 6:44 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.