The patch changes the `getNameUnsanitizedHtml` function to call `escaper.escapeHtml`, which indicates that the original function was vulnerable to XSS. The function is used to render product names, and the patch ensures that user-supplied data is properly sanitized.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | < 2.3.6-p1 | 2.3.6-p1 |
| magento/community-edition | composer | >= 2.4.0, < 2.4.2 | 2.4.2 |