CVE-2020-9581

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
26/06/2020
Last modified:
01/07/2020

Description

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:magento:magento:*:*:*:*:community:*:*:* 1.9.4.4 (including)
cpe:2.3:a:magento:magento:*:*:*:*:enterprise:*:*:* 1.14.4.4 (including)
cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:* 2.2.0 (including) 2.2.11 (including)
cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:* 2.2.0 (including) 2.2.11 (including)
cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:* 2.3.0 (including) 2.3.4 (including)
cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:* 2.3.0 (including) 2.3.4 (including)


References to Advisories, Solutions, and Tools