Basic Information
CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.4.7-beta1, < 2.4.7-p4 | 2.4.7-p4 |
| magento/community-edition | composer | >= 2.4.6-p1, < 2.4.6-p9 | 2.4.6-p9 |
| magento/community-edition | composer | >= 2.4.5-p1, < 2.4.5-p11 | 2.4.5-p11 |
| magento/community-edition | composer | < 2.4.4-p12 | 2.4.4-p12 |
| magento/community-edition | composer | = 2.4.7 | |
| magento/community-edition | composer | = 2.4.6 | |
| magento/community-edition | composer | = 2.4.5 | |
| magento/community-edition | composer | = 2.4.4 | |
| magento/community-edition | composer | = 2.4.8-beta1 | |
| magento/project-community-edition | composer | <= 2.0.2 | |
The vulnerability centers on improper neutralization of input in form fields (CWE-79). In Magento, block rendering through AbstractBlock::toHtml and UI component form handling are common XSS vectors when output escaping is omitted, and product attribute rendering is also a frequent target for stored XSS. No patch details are available, but these components align with the described attack pattern of stored XSS via form fields. Confidence is medium because this assessment relies on common Magento XSS patterns rather than on explicit patch analysis.
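To make the escaping caveat concrete, the following is an added illustration (not code from the advisory or from Magento's patch) of how a product attribute rendered in a Magento 2 `.phtml` template becomes a stored XSS sink when output escaping is skipped, and how the same value is rendered safely. It assumes the standard template variables `$block` (`Magento\Framework\View\Element\Template`) and `$escaper` (`Magento\Framework\Escaper`) that Magento makes available to templates; the attribute code `short_tagline` is hypothetical.

```php
<?php
/**
 * Added example of the output-escaping caveat (not from the advisory):
 * a Magento 2 .phtml template rendering a product attribute that may carry
 * merchant- or customer-supplied text. Assumes the usual template variables
 * $block (Magento\Framework\View\Element\Template) and $escaper
 * (Magento\Framework\Escaper). "short_tagline" is a hypothetical attribute code.
 */
/** @var \Magento\Framework\View\Element\Template $block */
/** @var \Magento\Framework\Escaper $escaper */
$product = $block->getData('product');               // supplied by the layout or a parent block
$tagline = (string) $product->getData('short_tagline'); // untrusted: stored attribute value
?>

<!-- Stored XSS sink: the attribute value is echoed verbatim into the HTML body. -->
<p class="tagline"><?= $tagline ?></p>

<!-- Fixed for the HTML text context: escape before output. -->
<p class="tagline"><?= $escaper->escapeHtml($tagline) ?></p>

<!-- Fixed for an attribute-value context: a different encoder applies inside attributes. -->
<p class="tagline" title="<?= $escaper->escapeHtmlAttr($tagline) ?>">
    <?= $escaper->escapeHtml($tagline) ?>
</p>

<!-- If merchants legitimately need limited markup, allow-list tags rather than skipping escaping. -->
<div class="tagline-rich"><?= $escaper->escapeHtml($tagline, ['b', 'i', 'br']) ?></div>
```

The practical check when reviewing a template or UI component is that every `<?= ... ?>` echo of stored data goes through the encoder matching its context (`escapeHtml`, `escapeHtmlAttr`, `escapeUrl`, `escapeJs`); a raw echo of attribute or form data is the pattern the paragraph above describes.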