magento/community-edition Security Advisories for 2.4.3-p1 (96)
-
[HIGH] Magento provides incorrect authorization through a security feature bypass
PKSA-sx8r-h4sj-cx12 CVE-2025-54263 GHSA-69x9-xp2j-w8g8
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[HIGH] Magento vulnerable to stored Cross-Site Scripting (XSS)
PKSA-kfkq-dx9k-8hdv CVE-2025-54264 GHSA-2768-5wmv-cfff
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[MEDIUM] Magento allows incorrect authorization
PKSA-xbxj-3c74-rztg CVE-2025-54265 GHSA-r355-75hw-r8jf
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[MEDIUM] Magento vulnerable to stored Cross-Site Scripting (XSS)
PKSA-k1pj-8rhw-k527 CVE-2025-54266 GHSA-pcrx-r49h-x2w5
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[MEDIUM] Magento vulnerable to privilege escalation due to incorrect authorization
PKSA-cdwr-82gv-fq4r CVE-2025-54267 GHSA-qvwr-p3hj-j6jf
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[CRITICAL] Magento Community Edition Improper Input Validation vulnerability
PKSA-zy5h-f76g-zq5h CVE-2025-54236 GHSA-wh92-6q6g-px7j
Affected version: =2.4.9|>=2.4.8-beta1,<=2.4.8-p2|>=2.4.7-beta1,<=2.4.7-p7|=2.4.8|=2.4.7|>=2.4.9-alpha1,<=2.4.9-alpha2|=2.4.5|>=2.4.6-p1,<=2.4.6-p12|=2.4.6|<=2.4.5-p14
Reported by:
GitHub -
[HIGH] Magento vulnerable to denial of service
PKSA-pn21-84x4-fh3j CVE-2025-49554 GHSA-xgfm-992v-h2hr
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2
Reported by:
GitHub -
[HIGH] Magento Cross-Site Request Forgery (CSRF) vulnerability
PKSA-23gm-rmhm-83mc CVE-2025-49555 GHSA-5777-jj7p-mpqw
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2
Reported by:
GitHub -
[HIGH] Magento has incorrect authorization issue that leads to arbitrary file system read
PKSA-br3d-5r49-ycpt CVE-2025-49556 GHSA-7hrj-3c9x-xv5h
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2
Reported by:
GitHub -
[HIGH] Magento Cross-site Scripting vulnerability
PKSA-j53w-rgct-w5r6 CVE-2025-49557 GHSA-8mq8-c243-2335
Affected version: =2.4.8|>=2.4.7-p1,<2.4.7-p7|>=2.4.6-p1,<2.4.6-p12|>=2.4.5-p1,<2.4.5-p14|<2.4.4-p15
Reported by:
GitHub -
[MEDIUM] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-jghm-1dxh-r2mf CVE-2025-49558 GHSA-wcmw-8xpp-rwfj
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2
Reported by:
GitHub -
[MEDIUM] Magento vulnerable to path traversal
PKSA-j661-47kj-8y19 CVE-2025-49559 GHSA-h4f4-gv6h-x824
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2
Reported by:
GitHub -
[LOW] Magento Authenticated Security feature bypass
PKSA-z33d-78qh-jd88 CVE-2025-49549 GHSA-85jx-x9r4-45m2
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p13|>=2.4.6-p1,<2.4.6-p11|>=2.4.7-beta1,<2.4.7-p6
Reported by:
GitHub -
[MEDIUM] Magento Security feature bypass
PKSA-w1hm-vgyt-d5ty CVE-2025-49550 GHSA-8hcx-xvww-6c6h
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p13|>=2.4.6-p1,<2.4.6-p11|>=2.4.7-beta1,<2.4.7-p6
Reported by:
GitHub -
[HIGH] Magento Improper Authorization leading to security feature bypass
PKSA-25jg-bht9-cn5m CVE-2025-43585 GHSA-r487-9vv5-75gg
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p13|>=2.4.6-p1,<2.4.6-p11|>=2.4.7-beta1,<2.4.7-p6
Reported by:
GitHub -
[CRITICAL] Magneto contains stored XSS vulnerability
PKSA-rb7h-1s2b-4dwg CVE-2025-47110 GHSA-j934-vjh5-vf9r
Affected version: =2.4.6|>=2.4.6-p1,<2.4.6-p11|=2.4.5|=2.4.8|=2.4.7|<2.4.5-p13|>=2.4.7-beta1,<2.4.7-p6|>=2.4.8-beta1,<2.4.8-p1
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control leads to security feature bypass
PKSA-twxs-5jt6-zf4j CVE-2025-27206 GHSA-g2pj-xmxq-3r9q
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p13|>=2.4.6-p1,<2.4.6-p11|>=2.4.7-beta1,<2.4.7-p6
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization vulnerability
PKSA-w3p3-6vqg-qcmr CVE-2025-27188 GHSA-rr2g-rrjj-xw86
Affected version: >=2.4.8-beta1,<2.4.8|=2.4.7|>=2.4.7-p1,<2.4.7-p5|>=2.4.6-p1,<2.4.6-p10|>=2.4.5-p1,<2.4.5-p12|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p13
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control leads to Security feature bypass
PKSA-8xbp-3ytm-qmsr CVE-2025-27190 GHSA-6wq7-cg9h-mj6q
Affected version: =2.4.7|=2.4.6|=2.4.4|=2.4.5|>=2.4.8-beta1,<2.4.8-beta2|<2.4.4-p13|>=2.4.5-p1,<2.4.5-p12|>=2.4.6-p1,<2.4.6-p10|>=2.4.7-beta1,<2.4.7-p5
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control leads to Security feature bypass
PKSA-x76v-gf6x-15jx CVE-2025-27191 GHSA-vhcq-4xrm-2cr2
Affected version: =2.4.7|=2.4.6|=2.4.4|=2.4.5|>=2.4.8-beta1,<2.4.8-beta2|<2.4.4-p13|>=2.4.5-p1,<2.4.5-p12|>=2.4.6-p1,<2.4.6-p10|>=2.4.7-beta1,<2.4.7-p5
Reported by:
GitHub -
[LOW] Magento does not properly protect credentials
PKSA-r73x-rxyx-dytq CVE-2025-27192 GHSA-2r94-wm5v-4prx
Affected version: =2.4.7|=2.4.6|=2.4.4|=2.4.5|>=2.4.8-beta1,<2.4.8-beta2|<2.4.4-p13|>=2.4.5-p1,<2.4.5-p12|>=2.4.6-p1,<2.4.6-p10|>=2.4.7-beta1,<2.4.7-p5
Reported by:
GitHub -
[CRITICAL] Improper Authorization vulnerability in Magento and Adobe Commerce
PKSA-dkfb-rbxq-yjwm CVE-2025-24434 GHSA-fppq-f2m6-xv5c
Affected version: <2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4|>=2.4.8-beta1,<2.4.8-beta2
Reported by:
GitHub -
[MEDIUM] Magento Business Logic Error vulnerability
PKSA-7r2g-km67-fzjj CVE-2025-24425 GHSA-6ff8-jrfg-43hh
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-4fbw-nxjw-pfvz CVE-2025-24427 GHSA-v3hq-g424-5mgg
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-zmv5-8rn8-bcky CVE-2025-24428 GHSA-mm87-rrqx-94cr
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[LOW] Magento Improper Access Control vulnerability
PKSA-74vv-j3wm-1rmr CVE-2025-24429 GHSA-656q-fx2w-8ccv
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-3fgq-966m-4b4d CVE-2025-24430 GHSA-6w27-c66f-gvhq
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-scxw-rbh8-zprd CVE-2025-24432 GHSA-7jmr-43qj-pw47
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-5cry-7724-1qnd CVE-2025-24435 GHSA-82p4-55gj-956p
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|>=2.4.5-p1,<2.4.5-p11|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-m4dw-3q4p-45bh CVE-2025-24436 GHSA-ghpr-6qhr-rpp8
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-m5fw-drjh-dkpx CVE-2025-24437 GHSA-469f-wf4f-3jjv
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-1zf5-sgkc-jzyt CVE-2025-24438 GHSA-8884-7rm9-mrx4
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Adobe Commerce Path Traversal
PKSA-1xz1-g451-tt2n CVE-2025-24406 GHSA-954p-ff72-327w
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Information Exposure vulnerability
PKSA-xvsr-wng1-pxg6 CVE-2025-24408 GHSA-3cfg-w257-cgf8
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Adobe Commerce Improper Authorization vulnerability
PKSA-tbwj-d61p-nbfx CVE-2025-24409 GHSA-vw47-79jv-3598
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-fnqn-wmgf-dz5q CVE-2025-24410 GHSA-gjxp-46rq-wg4q
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Improper Access Control vulnerability
PKSA-6bw6-vk81-1ktc CVE-2025-24411 GHSA-36hw-x3cc-m258
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-q458-hszg-5wns CVE-2025-24412 GHSA-m4rg-mpp2-97px
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-cnnr-cdx4-pzsf CVE-2025-24413 GHSA-xwgx-8v72-4j5j
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-q54t-8dp2-cc8r CVE-2025-24414 GHSA-fhw6-3mj5-w9gv
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-rbtq-c7hb-whdk CVE-2025-24415 GHSA-gc27-rvvm-q77r
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-kcjr-8cb1-qp39 CVE-2025-24416 GHSA-rjjw-g6hw-7pc9
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-vygn-g55g-pygn CVE-2025-24417 GHSA-g3j6-9753-8mp2
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Incorrect Authorization vulnerability
PKSA-bfth-jyjv-9bmg CVE-2025-24421 GHSA-v6r2-425c-hfrr
Affected version: =2.4.8-beta1|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-mhqr-9knx-97tc CVE-2025-24424 GHSA-539v-w87w-w62c
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Authorization vulnerability
PKSA-yx36-4pvc-fy33 CVE-2024-45131 GHSA-xc5p-773w-m3pm
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Authorization vulnerability
PKSA-g59s-h86c-d272 CVE-2024-45132 GHSA-5f64-ppmg-cvvm
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Information Exposure vulnerability
PKSA-k213-y2gv-f361 CVE-2024-45133 GHSA-j3mh-wx5f-2vhg
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Information Exposure vulnerability
PKSA-fg7g-5j9c-3snf CVE-2024-45134 GHSA-4f89-5cwm-rm5g
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-t8cd-w48x-nzyk CVE-2024-45135 GHSA-8pxg-gcp4-57ww
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[LOW] Magento Open Source Improper Access Control vulnerability
PKSA-zp2y-jcbv-86tw CVE-2024-45149 GHSA-w7rg-7wq2-pjrw
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability
PKSA-w47m-6mjs-p6p5 CVE-2024-45116 GHSA-873m-72g6-853g
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Input Validation vulnerability
PKSA-11qw-117j-ntf6 CVE-2024-45117 GHSA-3fr3-gcqh-3m2g
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Access Control vulnerability
PKSA-nmsp-4zh6-c2yy CVE-2024-45118 GHSA-cg52-68fv-94qq
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
PKSA-7ymh-b7jr-kcyn CVE-2024-45119 GHSA-g9fm-wc6h-pvgj
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-5bd5-9qvn-r6z1 CVE-2024-45120 GHSA-47jp-46c9-25vf
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-5d5h-vdxk-9rb4 CVE-2024-45121 GHSA-2qhq-fw98-h6wg
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-trg9-zwtk-rt2y CVE-2024-45122 GHSA-46fm-x82m-5f74
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
PKSA-q3cy-4db7-mxq5 CVE-2024-45123 GHSA-88x2-cq34-5fwc
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-g52f-ss82-znpd CVE-2024-45124 GHSA-w3p2-pc3h-69wv
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Incorrect Authorization vulnerability
PKSA-vc9p-z4vk-zhsm CVE-2024-45125 GHSA-xg36-8c2v-jpxh
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
PKSA-rc6f-2sj1-779v CVE-2024-45127 GHSA-c89g-gq5r-2xw2
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Authorization vulnerability
PKSA-jqmh-mscm-q45w CVE-2024-45128 GHSA-qpp7-742q-58j3
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-8ttm-6rvp-fshh CVE-2024-45129 GHSA-m58h-998x-66f3
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-35sf-fj41-ym76 CVE-2024-45130 GHSA-v3v6-jfvw-m576
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Path Traversal vulnerability
PKSA-dw79-2frq-sm6h CVE-2024-39406 GHSA-6pxh-2557-5cj5
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Request Forgery vulnerability
PKSA-dzsz-sjtm-vq7t CVE-2024-39408 GHSA-4cj6-f32v-6hgx
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
PKSA-8qcx-d884-ntny CVE-2024-39409 GHSA-rf4q-m23c-7q8r
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
PKSA-x9tz-w7x6-ncgm CVE-2024-39410 GHSA-4323-f82v-f6jr
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization leads to security feature bypass
PKSA-4jrq-qp4c-nqw3 CVE-2024-39411 GHSA-qm77-mqf3-fmhq
Affected version: =2.4.7|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p10|>=2.4.5-p1,<2.4.5-p9|>=2.4.6-p1,<2.4.6-p7|>=2.4.7-beta1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Authorization vulnerability
PKSA-sh88-myrv-9t1n CVE-2024-39412 GHSA-7472-vw39-g2j3
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control Leads to Privilege escalation
PKSA-3dsp-c62d-w319 CVE-2024-39414 GHSA-x6f9-hv9r-fgq4
Affected version: =2.4.7|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p10|>=2.4.5-p1,<2.4.5-p9|>=2.4.6-p1,<2.4.6-p7|>=2.4.7-beta1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization Leading to Security feature bypass
PKSA-dv99-1512-ggts CVE-2024-39415 GHSA-gj93-84g5-mcjq
Affected version: =2.4.7|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p10|>=2.4.5-p1,<2.4.5-p9|>=2.4.6-p1,<2.4.6-p7|>=2.4.7-beta1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization leads to Security feature bypass
PKSA-ym4p-zvby-x7kh CVE-2024-39416 GHSA-4xgg-rw35-7mv5
Affected version: =2.4.7|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p10|>=2.4.5-p1,<2.4.5-p9|>=2.4.6-p1,<2.4.6-p7|>=2.4.7-beta1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization leads to Security feature bypass
PKSA-2wt1-rrt9-7zvv CVE-2024-39417 GHSA-4xmj-f664-hv98
Affected version: =2.4.7|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p10|>=2.4.5-p1,<2.4.5-p9|>=2.4.6-p1,<2.4.6-p7|>=2.4.7-beta1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control Leads to Privilege escalation
PKSA-8fss-fb1w-96f7 CVE-2024-39419 GHSA-74w7-cr4v-wf2v
Affected version: =2.4.7|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p10|>=2.4.5-p1,<2.4.5-p9|>=2.4.6-p1,<2.4.6-p7|>=2.4.7-beta1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
PKSA-zmwm-kwzt-pms6 CVE-2024-34111 GHSA-jmqp-r3gg-6jh3
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[CRITICAL] Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
PKSA-71k8-bhfg-zj3d CVE-2024-34102 GHSA-m8cj-3v68-3cxj
Affected version: =2.4.7|=2.4.6|=2.4.5|<2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4
Reported by:
GitHub -
[CRITICAL] Magento Open Source Improper Authentication vulnerability
PKSA-29px-skjv-7bmn CVE-2024-34103 GHSA-f7q4-9gwv-6774
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Authorization vulnerability
PKSA-pbd2-8ctn-8ptb CVE-2024-34104 GHSA-wwj3-573j-rvvm
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability
PKSA-gc3j-nr7v-3th6 CVE-2024-34105 GHSA-5632-wq7m-gfq9
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source Incorrect Authorization vulnerability
PKSA-jfkj-qxdn-854f CVE-2024-34106 GHSA-p6h9-gx5g-wg64
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-mw1m-j257-zksc CVE-2024-34107 GHSA-r7cm-g469-wm4g
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source affected by Improper Input Validation
PKSA-qfn2-f46x-6ttj CVE-2022-24093 GHSA-5xmp-7wg5-x68q
Affected version: >=2.3.7-p1,<2.3.7-p3|=2.4.3-p1|=2.3.7|=2.4.3
Reported by:
GitHub -
[HIGH] Magento Improper input validation vulnerability
PKSA-228k-hrjg-43zp CVE-2022-42344 GHSA-297f-r9w7-w492
Affected version: =2.4.4|>=2.4.0,<2.4.3-p3|<2.3.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Improper Access Control
PKSA-r1tt-s1xd-91xp CVE-2022-35689 GHSA-5fxx-jwjm-x9hj
Affected version: =2.4.3|>=2.4.3-p1,<=2.4.3-p3|=2.4.5|=2.4.4|=2.4.4-p1
Reported by:
GitHub -
[HIGH] Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)
PKSA-17zv-t3ph-7s2g CVE-2022-35698 GHSA-4vj2-426r-jm3g
Affected version: =2.4.3|>=2.4.3-p1,<=2.4.3-p3|=2.4.5|=2.4.4|=2.4.4-p1
Reported by:
GitHub -
[MEDIUM] Magento Open Source has Improper Access Control vulnerability
PKSA-3q2b-d8qb-zr9s CVE-2022-35692 GHSA-gm4m-9rm8-7rxj
Affected version: =2.4.3|=2.4.4|=2.3.7|>=2.3.7-p1,<2.3.7-p4|>=2.4.3-p1,<2.4.3-p3
Reported by:
GitHub -
[HIGH] Magento Path Traversal vulnerability
PKSA-rnsh-tzs8-qzqg CVE-2022-34254 GHSA-fx9g-g9q6-x3jx
Affected version: =2.4.4|>=2.4.0,<2.4.3-p3|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[HIGH] Magento Improper Access Control vulnerability
PKSA-858j-1s59-ycmj CVE-2022-34255 GHSA-x95x-f4g9-mm85
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[HIGH] Magento Improper Authorization vulnerability
PKSA-4kq2-8xg5-xc5f CVE-2022-34256 GHSA-r7mm-grf3-5fjv
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-8rxk-pq5k-p21j CVE-2022-34257 GHSA-rg7p-wmgj-f374
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-48rk-jcyb-xpsd CVE-2022-34258 GHSA-5m55-g8pv-x8ww
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-1w77-ttnz-wb1k CVE-2022-34259 GHSA-9wjf-94h3-r4rh
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[CRITICAL] Magento XML Injection vulnerability in the Widgets Module
PKSA-ky72-2cr3-p8cw CVE-2022-34253 GHSA-cj7w-pm77-hvg6
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|<2.3.7-p4
Reported by:
GitHub -
[CRITICAL] Magento improper input validation vulnerability
PKSA-bck7-ptrd-xq9f CVE-2022-24086 GHSA-f8fv-f786-9933
Affected version: >=2.4.0,<2.4.3-p2|>=2.3.3-p1,<2.3.7-p3
Reported by:
GitHub