CVE-2024-41676
Published 2024-07-29
Priority: P4 · 20 · medium · 4.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.34% (25.9th percentile)
Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs. They are intended to let admins set a text in two of the cases and define an image URL in the other two.
Because escaping was previously missing, these settings accepted arbitrary HTML and, as a consequence, arbitrary JavaScript. The problem is patched in version 20.10.1 and higher.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openmage | magento | < 20.10.1 | 20.10.1 |
| openmage | magento-lts | < 20.10.1 | 20.10.1 |
| openmage | magento-lts | >= 0 < 20.10.1 | 20.10.1 |
OSV
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
osv·2024-07-29
CVE-2024-41676 [MEDIUM] Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
### Impact
This XSS vulnerability affects the following system configs:
* design/header/welcome
* design/header/logo_src
* design/header/logo_src_small
* design/header/logo_alt
They are intended to let admins set a text in two of the cases and define an image URL in the other two.
Because escaping was previously missing, these settings accepted arbitrary HTML and, as a consequence, arbitrary JavaScript.
In most usage scenarios this is not a relevant issue, but some people work with more restrictive roles in the backend. There, the ability to inject JavaScript through these settings would be an unintended and unwanted privilege.
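An added example, not part of the advisory or of OpenMage's patch: a Python check that reviews stored values for the four affected paths and flags any that contain markup, so values saved by restricted backend roles can be inspected. It assumes the rows were exported as `(scope, scope_id, path, value)` tuples, as in Magento's `core_config_data` table. The text/image split is inferred from the path names, and the sample rows are constructed.

```python
import re

# The four config paths named in the advisory. Which two hold text and which
# two hold an image location is inferred from the path names (assumption).
TEXT_PATHS = {"design/header/welcome", "design/header/logo_alt"}
IMAGE_PATHS = {"design/header/logo_src", "design/header/logo_src_small"}

# Characters that let a value leave a text node or a double-quoted attribute.
# Apostrophes are left out because they are common in legitimate welcome text.
MARKUP_CHARS = re.compile(r'[<>"]')
# Conservative shape for an image location: relative path or http(s) URL.
SAFE_IMAGE = re.compile(
    r"(?:https?://[A-Za-z0-9.-]+(?::\d+)?/)?[A-Za-z0-9._~/%-]+"
)

def audit_row(path, value):
    """Return a reason if the stored value needs review, else None."""
    if not value:
        return None
    if path in TEXT_PATHS:
        hit = MARKUP_CHARS.search(value)
        if hit:
            return f"markup character {hit.group()!r} in text setting"
    elif path in IMAGE_PATHS and not SAFE_IMAGE.fullmatch(value):
        return "not a plain image path or http(s) URL"
    return None

def audit(rows):
    """rows: iterable of (scope, scope_id, path, value) tuples."""
    findings = []
    for scope, scope_id, path, value in rows:
        reason = audit_row(path, value)
        if reason:
            findings.append((scope, scope_id, path, reason))
    return findings

# Constructed sample rows, not taken from any real installation.
SAMPLE_ROWS = [
    ("default", 0, "design/header/welcome", "Default welcome msg!"),
    ("default", 0, "design/header/logo_src", "images/logo.gif"),
    ("stores", 2, "design/header/welcome", "Hello<script>/*constructed*/</script>"),
    ("stores", 2, "design/header/logo_alt", 'Shop" onload="/*constructed*/'),
    ("websites", 1, "design/header/logo_src_small", "images/logo_small.png"),
    ("default", 0, "web/secure/base_url", "https://shop.example/"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```

Findings are a review queue rather than a verdict: a flagged value may be legitimate text that happens to contain a quote or angle bracket.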
### Patches
_Has the problem been patched? What versions should users upgrad
GHSA
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
ghsa·2024-07-29
CVE-2024-41676 [MEDIUM] CWE-79 Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2
Published: 2024-07-29