CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.1, < 2.1.18 | 2.1.18 |
| magento/community-edition | composer | >= 2.2, < 2.2.9 | 2.2.9 |
| magento/community-edition | composer | >= 2.3, < 2.3.2 | 2.3.2 |

The vulnerability centers on unescaped handling of the page title in the admin panel. Magento's XSS fixes typically add `escapeHtml()` calls in templates, and the CMS page editing interface (the `Edit.php` block and the `edit.phtml` template) is the logical place where the title is rendered. The exact patch details aren't shown, but the advisory's focus on modifying a content page title, together with the stored XSS pattern, strongly suggests missing output escaping in these components.
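
To check templates for the missing-escaping pattern described above, the following added example (not Magento's code and not the actual patch) scans `.phtml` text for echoed variables that do not pass through an `escape*` helper. The sample template and its method names (`getPageTitle`, `getBackUrl`, `getTitle`) are constructed for illustration, and the regex matching is a heuristic.

```python
import re

# Echo statements in a .phtml template: "<?= expr ?>" and "<?php echo expr ?>".
ECHO_RE = re.compile(r"<\?(?:=|php\s+echo\b)(.*?)\?>", re.DOTALL)
# Any escape* helper call, such as the escapeHtml() named in the advisory.
ESCAPE_RE = re.compile(r"->\s*escape[A-Z]\w*\s*\(")

# Constructed sample template; method names are hypothetical.
SAMPLE_TEMPLATE = """<div class="page-title">
    <h1><?= $block->getPageTitle() ?></h1>
    <span><?= $block->escapeHtml($block->getPageTitle()) ?></span>
    <a href="<?= $block->escapeUrl($block->getBackUrl()) ?>"><?= __('Back') ?></a>
    <p><?php echo $page->getTitle(); ?></p>
</div>
"""


def find_unescaped_echoes(template):
    """Return (line_number, expression) for echoes with no escape* call."""
    findings = []
    for match in ECHO_RE.finditer(template):
        expr = match.group(1).strip().rstrip(";").strip()
        if "$" not in expr:
            continue  # no variable involved, so no stored value is echoed
        if ESCAPE_RE.search(expr):
            continue  # value passes through an escape helper before output
        line = template.count("\n", 0, match.start()) + 1
        findings.append((line, expr))
    return findings


if __name__ == "__main__":
    for line, expr in find_unescaped_echoes(SAMPLE_TEMPLATE):
        print(f"line {line}: unescaped output of {expr}")
```

A hit is a candidate for manual review rather than proof of XSS, and an expression that escapes only one part of a concatenation is not flagged.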