openmage/magento-lts Security Advisories for v20.14.0 (2)
-
[MEDIUM] Magento's X-Original-Url header can expose admin url
PKSA-nz6n-ckcm-yb2x CVE-2026-25523 GHSA-jg68-vhv3-9r8f
Affected version: <20.16.1
Reported by:
GitHub -
[MEDIUM] OpenMage vulnerable to XSS in Admin Notifications
PKSA-t425-mpgn-4yhs CVE-2025-64174 GHSA-qv78-c8hc-438r
Affected version: <20.16.0
Reported by:
GitHub