CVE-2020-24408

Stored XSS in customer address upload feature

CVSS 6.1 MEDIUM · EPSS 1.7% · CWE-79
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1 · EPSS 1.7% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
16 Oct 2020: Published in NVD
Recommendation: Monitor. No exploitation signal for now.
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Adobe · Magento Commerce
