Description

Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs.They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases. But because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. The problem is patched with Version 20.10.1 or higher.

INFO

Published Date :

2024-07-29T14:46:26.806Z

Last Modified :

2024-08-02T04:46:52.910Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-41676 vulnerability.

Vendors Products
Openmage
  • Magento
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-41676.

URL Resource
https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948 cve-icon cve-icon cve-icon
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact