Miggo Logo
Miggo Vulnerability Database
CVE-2020-9581

CVE-2020-9581: Magento stored cross-site scripting vulnerability

6.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-9581
GHSA ID
GHSA-2w2x-7qgj-4x78
EPSS Score
0.61942%
CWE
CWE-79
Published
5/24/2022
Updated
2/10/2025
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
magento/community-editioncomposer<= 2.2.11
magento/community-editioncomposer>= 2.3.0, < 2.3.4-p22.3.4-p2
magento/corecomposer< 1.9.4.51.9.4.5
magento/project-community-editioncomposer<= 2.0.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The analysis focused on identifying functions that were either directly related to the vulnerability (e.g., through input processing or output rendering) or were modified as part of the security patch to mitigate potential vulnerabilities. The changes observed in the patches suggest a focus on improving session management, input validation, and output sanitization, which are common areas of concern for security vulnerabilities like XSS and session fixation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

M***nto v*rsions *.*.* *n* **rli*r, *.*.** *n* **rli*r (s** not*), *.**.*.* *n* **rli*r, *n* *.*.*.* *n* **rli*r **v* * stor** *ross-sit* s*riptin* vuln*r**ility. Su***ss*ul *xploit*tion *oul* l*** to s*nsitiv* in*orm*tion *is*losur*.

Reasoning

T** *n*lysis *o*us** on i**nti*yin* *un*tions t**t w*r* *it**r *ir**tly r*l*t** to t** vuln*r**ility (*.*., t*rou** input pro**ssin* or output r*n**rin*) or w*r* mo*i*i** *s p*rt o* t** s**urity p*t** to miti**t* pot*nti*l vuln*r**iliti*s. T** ***n**