The vulnerability involves stored XSS in the admin panel's order management. Analysis focused on functions handling order comment data retrieval (Block methods) and output (templates). The absence of output escaping in these components aligns with the described XSS mechanism. Confidence is medium due to reliance on common vulnerability patterns without explicit patch details.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.1, < 2.1.18 | 2.1.18 |
| magento/community-edition | composer | >= 2.2, < 2.2.9 | 2.2.9 |
| magento/community-edition | composer | >= 2.3, < 2.3.2 | 2.3.2 |