Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Vulnerability Description
Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs.They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases. But because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. The problem is patched with Version 20.10.1 or higher.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
magento-lts 安全漏洞
Vulnerability Description
magento-lts是OpenMage开源的一个用于Magento CE官方版本的可靠替代品。 magento-lts 20.10.1之前版本存在安全漏洞,该漏洞源于缺少转义,允许输入任意html。
CVSS Information
N/A
Vulnerability Type
N/A