Miggo Logo

CVE-2020-9581: Magento stored cross-site scripting vulnerability

6.1

CVSS Score
3.1

Basic Information

EPSS Score
0.61942%
Published
5/24/2022
Updated
2/10/2025
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
magento/community-editioncomposer<= 2.2.11
magento/community-editioncomposer>= 2.3.0, < 2.3.4-p22.3.4-p2
magento/corecomposer< 1.9.4.51.9.4.5
magento/project-community-editioncomposer<= 2.0.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The analysis focused on identifying functions that were either directly related to the vulnerability (e.g., through input processing or output rendering) or were modified as part of the security patch to mitigate potential vulnerabilities. The changes observed in the patches suggest a focus on improving session management, input validation, and output sanitization, which are common areas of concern for security vulnerabilities like XSS and session fixation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

M***nto v*rsions *.*.* *n* **rli*r, *.*.** *n* **rli*r (s** not*), *.**.*.* *n* **rli*r, *n* *.*.*.* *n* **rli*r **v* * stor** *ross-sit* s*riptin* vuln*r**ility. Su***ss*ul *xploit*tion *oul* l*** to s*nsitiv* in*orm*tion *is*losur*.

Reasoning

T** *n*lysis *o*us** on i**nti*yin* *un*tions t**t w*r* *it**r *ir**tly r*l*t** to t** vuln*r**ility (*.*., t*rou** input pro**ssin* or output r*n**rin*) or w*r* mo*i*i** *s p*rt o* t** s**urity p*t** to miti**t* pot*nti*l vuln*r**iliti*s. T** ***n**