The provided vulnerability information describes a stored XSS in Magento's admin panel triggered through manipulation of the customer email field, but the technical details needed to pinpoint the exact vulnerable functions are missing. The GitHub patch and commit diff are explicitly stated as unavailable, and the CVE/GHSA descriptions give no specific code references. The vulnerability most likely involves insufficient input sanitization in POST request handling (e.g., the customer email update controllers) combined with improper output escaping in admin dashboard templates or blocks, but without concrete evidence (patched function names, file paths, or code snippets) no specific function can be identified with high confidence. Given Magento's modular architecture and the absence of code changes in the provided data, any mapping to particular functions would be speculative and unreliable.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.1.0, < 2.1.19 | 2.1.19 |
| magento/community-edition | composer | >= 2.2.0, < 2.2.10 | 2.2.10 |
| magento/community-edition | composer | >= 2.3.0, < 2.3.3 | 2.3.3 |