Security Advisories - magento/community-edition

magento/community-edition Security Advisories for 2.4.6-p8 (45)

[HIGH] Magento provides incorrect authorization through a security feature bypass

PKSA-sx8r-h4sj-cx12 CVE-2025-54263 GHSA-69x9-xp2j-w8g8

Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3

Reported by:
GitHub
[HIGH] Magento vulnerable to stored Cross-Site Scripting (XSS)

PKSA-kfkq-dx9k-8hdv CVE-2025-54264 GHSA-2768-5wmv-cfff

Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3

Reported by:
GitHub
[MEDIUM] Magento allows incorrect authorization

PKSA-xbxj-3c74-rztg CVE-2025-54265 GHSA-r355-75hw-r8jf

Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3

Reported by:
GitHub
[MEDIUM] Magento vulnerable to stored Cross-Site Scripting (XSS)

PKSA-k1pj-8rhw-k527 CVE-2025-54266 GHSA-pcrx-r49h-x2w5

Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3

Reported by:
GitHub
[MEDIUM] Magento vulnerable to privilege escalation due to incorrect authorization

PKSA-cdwr-82gv-fq4r CVE-2025-54267 GHSA-qvwr-p3hj-j6jf

Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3

Reported by:
GitHub
[CRITICAL] Magento Community Edition Improper Input Validation vulnerability

PKSA-zy5h-f76g-zq5h CVE-2025-54236 GHSA-wh92-6q6g-px7j

Affected version: =2.4.9|>=2.4.8-beta1,<=2.4.8-p2|>=2.4.7-beta1,<=2.4.7-p7|=2.4.8|=2.4.7|>=2.4.9-alpha1,<=2.4.9-alpha2|=2.4.5|>=2.4.6-p1,<=2.4.6-p12|=2.4.6|<=2.4.5-p14

Reported by:
GitHub
[HIGH] Magento vulnerable to denial of service

PKSA-pn21-84x4-fh3j CVE-2025-49554 GHSA-xgfm-992v-h2hr

Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2

Reported by:
GitHub
[HIGH] Magento Cross-Site Request Forgery (CSRF) vulnerability

PKSA-23gm-rmhm-83mc CVE-2025-49555 GHSA-5777-jj7p-mpqw

Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2

Reported by:
GitHub
[HIGH] Magento has incorrect authorization issue that leads to arbitrary file system read

PKSA-br3d-5r49-ycpt CVE-2025-49556 GHSA-7hrj-3c9x-xv5h

Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2

Reported by:
GitHub
[HIGH] Magento Cross-site Scripting vulnerability

PKSA-j53w-rgct-w5r6 CVE-2025-49557 GHSA-8mq8-c243-2335

Affected version: =2.4.8|>=2.4.7-p1,<2.4.7-p7|>=2.4.6-p1,<2.4.6-p12|>=2.4.5-p1,<2.4.5-p14|<2.4.4-p15

Reported by:
GitHub
[MEDIUM] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

PKSA-jghm-1dxh-r2mf CVE-2025-49558 GHSA-wcmw-8xpp-rwfj

Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2

Reported by:
GitHub
[MEDIUM] Magento vulnerable to path traversal

PKSA-j661-47kj-8y19 CVE-2025-49559 GHSA-h4f4-gv6h-x824

Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2

Reported by:
GitHub
[LOW] Magento Authenticated Security feature bypass

PKSA-z33d-78qh-jd88 CVE-2025-49549 GHSA-85jx-x9r4-45m2

Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p13|>=2.4.6-p1,<2.4.6-p11|>=2.4.7-beta1,<2.4.7-p6

Reported by:
GitHub
[MEDIUM] Magento Security feature bypass

PKSA-w1hm-vgyt-d5ty CVE-2025-49550 GHSA-8hcx-xvww-6c6h

Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p13|>=2.4.6-p1,<2.4.6-p11|>=2.4.7-beta1,<2.4.7-p6

Reported by:
GitHub
[HIGH] Magento Improper Authorization leading to security feature bypass

PKSA-25jg-bht9-cn5m CVE-2025-43585 GHSA-r487-9vv5-75gg

Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p13|>=2.4.6-p1,<2.4.6-p11|>=2.4.7-beta1,<2.4.7-p6

Reported by:
GitHub
[CRITICAL] Magneto contains stored XSS vulnerability

PKSA-rb7h-1s2b-4dwg CVE-2025-47110 GHSA-j934-vjh5-vf9r

Affected version: =2.4.6|>=2.4.6-p1,<2.4.6-p11|=2.4.5|=2.4.8|=2.4.7|<2.4.5-p13|>=2.4.7-beta1,<2.4.7-p6|>=2.4.8-beta1,<2.4.8-p1

Reported by:
GitHub
[MEDIUM] Magento Improper Access Control leads to security feature bypass

PKSA-twxs-5jt6-zf4j CVE-2025-27206 GHSA-g2pj-xmxq-3r9q

Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p13|>=2.4.6-p1,<2.4.6-p11|>=2.4.7-beta1,<2.4.7-p6

Reported by:
GitHub
[MEDIUM] Magento Improper Authorization vulnerability

PKSA-w3p3-6vqg-qcmr CVE-2025-27188 GHSA-rr2g-rrjj-xw86

Affected version: >=2.4.8-beta1,<2.4.8|=2.4.7|>=2.4.7-p1,<2.4.7-p5|>=2.4.6-p1,<2.4.6-p10|>=2.4.5-p1,<2.4.5-p12|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p13

Reported by:
GitHub
[MEDIUM] Magento Improper Access Control leads to Security feature bypass

PKSA-8xbp-3ytm-qmsr CVE-2025-27190 GHSA-6wq7-cg9h-mj6q

Affected version: =2.4.7|=2.4.6|=2.4.4|=2.4.5|>=2.4.8-beta1,<2.4.8-beta2|<2.4.4-p13|>=2.4.5-p1,<2.4.5-p12|>=2.4.6-p1,<2.4.6-p10|>=2.4.7-beta1,<2.4.7-p5

Reported by:
GitHub
[MEDIUM] Magento Improper Access Control leads to Security feature bypass

PKSA-x76v-gf6x-15jx CVE-2025-27191 GHSA-vhcq-4xrm-2cr2

Affected version: =2.4.7|=2.4.6|=2.4.4|=2.4.5|>=2.4.8-beta1,<2.4.8-beta2|<2.4.4-p13|>=2.4.5-p1,<2.4.5-p12|>=2.4.6-p1,<2.4.6-p10|>=2.4.7-beta1,<2.4.7-p5

Reported by:
GitHub
[LOW] Magento does not properly protect credentials

PKSA-r73x-rxyx-dytq CVE-2025-27192 GHSA-2r94-wm5v-4prx

Affected version: =2.4.7|=2.4.6|=2.4.4|=2.4.5|>=2.4.8-beta1,<2.4.8-beta2|<2.4.4-p13|>=2.4.5-p1,<2.4.5-p12|>=2.4.6-p1,<2.4.6-p10|>=2.4.7-beta1,<2.4.7-p5

Reported by:
GitHub
[CRITICAL] Improper Authorization vulnerability in Magento and Adobe Commerce

PKSA-dkfb-rbxq-yjwm CVE-2025-24434 GHSA-fppq-f2m6-xv5c

Affected version: <2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4|>=2.4.8-beta1,<2.4.8-beta2

Reported by:
GitHub
[MEDIUM] Magento Business Logic Error vulnerability

PKSA-7r2g-km67-fzjj CVE-2025-24425 GHSA-6ff8-jrfg-43hh

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[MEDIUM] Magento Improper Access Control vulnerability

PKSA-4fbw-nxjw-pfvz CVE-2025-24427 GHSA-v3hq-g424-5mgg

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability

PKSA-zmv5-8rn8-bcky CVE-2025-24428 GHSA-mm87-rrqx-94cr

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[LOW] Magento Improper Access Control vulnerability

PKSA-74vv-j3wm-1rmr CVE-2025-24429 GHSA-656q-fx2w-8ccv

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

PKSA-3fgq-966m-4b4d CVE-2025-24430 GHSA-6w27-c66f-gvhq

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

PKSA-scxw-rbh8-zprd CVE-2025-24432 GHSA-7jmr-43qj-pw47

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[MEDIUM] Magento Improper Access Control vulnerability

PKSA-5cry-7724-1qnd CVE-2025-24435 GHSA-82p4-55gj-956p

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|>=2.4.5-p1,<2.4.5-p11|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[MEDIUM] Magento Improper Access Control vulnerability

PKSA-m4dw-3q4p-45bh CVE-2025-24436 GHSA-ghpr-6qhr-rpp8

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[MEDIUM] Magento Improper Access Control vulnerability

PKSA-m5fw-drjh-dkpx CVE-2025-24437 GHSA-469f-wf4f-3jjv

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[HIGH] Magento stored Cross-Site Scripting (XSS) vulnerability

PKSA-1zf5-sgkc-jzyt CVE-2025-24438 GHSA-8884-7rm9-mrx4

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[HIGH] Adobe Commerce Path Traversal

PKSA-1xz1-g451-tt2n CVE-2025-24406 GHSA-954p-ff72-327w

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[MEDIUM] Magento Information Exposure vulnerability

PKSA-xvsr-wng1-pxg6 CVE-2025-24408 GHSA-3cfg-w257-cgf8

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[HIGH] Adobe Commerce Improper Authorization vulnerability

PKSA-tbwj-d61p-nbfx CVE-2025-24409 GHSA-vw47-79jv-3598

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

PKSA-fnqn-wmgf-dz5q CVE-2025-24410 GHSA-gjxp-46rq-wg4q

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[HIGH] Magento Improper Access Control vulnerability

PKSA-6bw6-vk81-1ktc CVE-2025-24411 GHSA-36hw-x3cc-m258

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

PKSA-q458-hszg-5wns CVE-2025-24412 GHSA-m4rg-mpp2-97px

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

PKSA-cnnr-cdx4-pzsf CVE-2025-24413 GHSA-xwgx-8v72-4j5j

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

PKSA-q54t-8dp2-cc8r CVE-2025-24414 GHSA-fhw6-3mj5-w9gv

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

PKSA-rbtq-c7hb-whdk CVE-2025-24415 GHSA-gc27-rvvm-q77r

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

PKSA-kcjr-8cb1-qp39 CVE-2025-24416 GHSA-rjjw-g6hw-7pc9

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

PKSA-vygn-g55g-pygn CVE-2025-24417 GHSA-g3j6-9753-8mp2

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[MEDIUM] Magento Incorrect Authorization vulnerability

PKSA-bfth-jyjv-9bmg CVE-2025-24421 GHSA-v6r2-425c-hfrr

Affected version: =2.4.8-beta1|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub
[MEDIUM] Magento Improper Access Control vulnerability

PKSA-mhqr-9knx-97tc CVE-2025-24424 GHSA-539v-w87w-w62c

Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4

Reported by:
GitHub

magento/community-edition Security Advisories for 2.4.6-p8 (45)

[HIGH] Magento provides incorrect authorization through a security feature bypass

[HIGH] Magento vulnerable to stored Cross-Site Scripting (XSS)

[MEDIUM] Magento allows incorrect authorization

[MEDIUM] Magento vulnerable to stored Cross-Site Scripting (XSS)

[MEDIUM] Magento vulnerable to privilege escalation due to incorrect authorization

[CRITICAL] Magento Community Edition Improper Input Validation vulnerability

[HIGH] Magento vulnerable to denial of service

[HIGH] Magento Cross-Site Request Forgery (CSRF) vulnerability

[HIGH] Magento has incorrect authorization issue that leads to arbitrary file system read

[HIGH] Magento Cross-site Scripting vulnerability

[MEDIUM] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

[MEDIUM] Magento vulnerable to path traversal

[LOW] Magento Authenticated Security feature bypass

[MEDIUM] Magento Security feature bypass

[HIGH] Magento Improper Authorization leading to security feature bypass

[CRITICAL] Magneto contains stored XSS vulnerability

[MEDIUM] Magento Improper Access Control leads to security feature bypass

[MEDIUM] Magento Improper Authorization vulnerability

[MEDIUM] Magento Improper Access Control leads to Security feature bypass

[MEDIUM] Magento Improper Access Control leads to Security feature bypass

[LOW] Magento does not properly protect credentials

[CRITICAL] Improper Authorization vulnerability in Magento and Adobe Commerce

[MEDIUM] Magento Business Logic Error vulnerability

[MEDIUM] Magento Improper Access Control vulnerability

[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability

[LOW] Magento Improper Access Control vulnerability

[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

[MEDIUM] Magento Improper Access Control vulnerability

[MEDIUM] Magento Improper Access Control vulnerability

[MEDIUM] Magento Improper Access Control vulnerability

[HIGH] Magento stored Cross-Site Scripting (XSS) vulnerability

[HIGH] Adobe Commerce Path Traversal

[MEDIUM] Magento Information Exposure vulnerability

[HIGH] Adobe Commerce Improper Authorization vulnerability

[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

[HIGH] Magento Improper Access Control vulnerability

[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability

[MEDIUM] Magento Incorrect Authorization vulnerability

[MEDIUM] Magento Improper Access Control vulnerability