openmage/magento-lts Security Advisories for v20.0.13 (11)
- [LOW] Magento LTS vulnerable to stored XSS in theme config fields (PKSA-626k-1yg1-m164, CVE-2025-27400, GHSA-5pxh-89cx-4668); Affected version: <20.12.3; Reported by: GitHub
- [MEDIUM] Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs (PKSA-w1pc-fvwg-8vsf, CVE-2024-41676, GHSA-5vrp-638w-p8m2); Affected version: <20.10.1; Reported by: GitHub
- [MEDIUM] Magento LTS vulnerable to stored XSS in admin file form (PKSA-7kjg-jm3v-dfw2, GHSA-gp6m-fq6h-cjcx); Affected version: <19.5.3|>=20.0.0,<20.5.0; Reported by: GitHub
- [HIGH] Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor (PKSA-gyfx-x49w-8nbg, GHSA-9j5w-2cqc-cwj9); Affected version: <20.2.0; Reported by: GitHub
- [HIGH] Magento LTS's guest order "protect code" can be brute-forced too easily (PKSA-w6px-tkth-7g4y, CVE-2023-41879, GHSA-9358-cpvx-c2qp); Affected version: >=20.0.0,<=20.1.0|<=19.5.0; Reported by: GitHub
- [HIGH] DataFlow upload remote code execution vulnerability (PKSA-14st-8g6h-6qyt, CVE-2021-41231, GHSA-h632-p764-pjqm); Affected version: >=20.0.0,<20.0.19|<19.4.22; Reported by: GitHub
- [HIGH] Fix for authenticated remote code execution through layout update (PKSA-17zx-zwgr-c4fs, CVE-2021-41144, GHSA-5j2g-3ph4-rgvm); Affected version: >=20.0.0,<20.0.19|<19.4.22; Reported by: GitHub
- [MEDIUM] DoS vulnerability in MaliciousCode filter (PKSA-d7zw-pyw4-4byv, CVE-2023-23617, GHSA-3p73-mm7v-4f6m); Affected version: >=20.0.0,<20.0.19|<19.4.22; Reported by: GitHub
- [HIGH] Fix for arbitrary file deletion in customer media allows for remote code execution (PKSA-69r2-jwnk-px22, CVE-2021-41143, GHSA-5vpv-xmcj-9q85); Affected version: >=20.0.0,<20.0.19|<19.4.22; Reported by: GitHub
- [HIGH] Fix for arbitrary command execution in custom layout update through blocks (PKSA-mt33-5d4f-b3f9, CVE-2021-39217, GHSA-c9q3-r4rv-mjm7); Affected version: >=20.0.0,<20.0.19|<19.4.22; Reported by: GitHub
- [MEDIUM] magento-lts Reset Password not protected against well-timed CSRF (PKSA-dgzr-rbc9-1c35, CVE-2021-21395, GHSA-r3c9-9j5q-pwv4); Affected version: >=20.0.0,<20.0.19|<19.4.22; Reported by: GitHub