CVE-2019-8227: Magento XSS Vulnerability

CVSS Score: 4.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.83453%
Published: 5/24/2022
Updated: 1/11/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/core | composer | < 1.9.4.3 | 1.9.4.3 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability manifests in two key phases: 1) Input handling during profile configuration (Controller save() action) where malicious XML is accepted without sanitization, and 2) Output generation when the stored XML is rendered (Model getter). The controller's saveAction is the primary injection point while the model's getActionsXml enables payload execution. These align with Magento's typical import/export profile management flow and the advisory's focus on profile action XML manipulation.

WAF Protection Rules

WAF Rule

In Magento prior to *.*.*.* and Magento prior to *.**.*.*, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.
