Lucene search
GoogleOSV:CVE-2020-24408HistoryOct 16, 2020 - 3:15 p.m.
CVE-2020-24408
2020-10-1615:15:11
Google
osv.dev
9
magento
persistent xss
file upload
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file.
Related
cvelist
cvelist
CVE-2020-24408 Stored XSS in customer address upload feature
2020-10-16 14:03:11
cve
cve
CVE-2020-24408
2020-10-16 15:15:11
nvd
nvd
CVE-2020-24408
2020-10-16 15:15:11
prion
prion
Cross site scripting
2020-10-16 15:15:00
github
github
Magento 2 Community Edition XSS Vulnerability
2022-05-24 17:31:03
osv
osv
BIT-magento-2020-24408
2024-03-06 11:07:09
Magento 2 Community Edition XSS Vulnerability
2022-05-24 17:31:03
threatpost
threatpost
Critical Magento Holes Open Online Shops to Code Execution
2020-10-15 20:59:30
adobe
adobe
APSB20-59 Security updates available for Magento
2020-10-15 00:00:00
openvas
openvas
Magento < 2.3.6, 2.4.x < 2.4.1 Multiple Vulnerabilities (APSB20-59)
2020-10-23 00:00:00