Lucene search
GoogleOSV:GHSA-39CH-RG26-GMQ5HistoryMay 24, 2022 - 7:06 p.m.
Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies
2022-05-2419:06:25
Google
osv.dev
2
magento
cross-site scripting
dom-based
cookies
vulnerability
version 2.4.2
version 2.4.1-p1
version 2.3.6-p1
unauthenticated attacker
user interaction
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is required for successful exploitation.
Related
cvelist
cvelist
osv
osv
CVE-2021-28556
2021-06-28 14:15:09
BIT-magento-2021-28556
2024-03-06 10:59:08
cve
cve
CVE-2021-28556
2021-06-28 14:15:09
github
github
prion
prion
Cross site scripting
2021-06-28 14:15:00
nvd
nvd
CVE-2021-28556
2021-06-28 14:15:09
adobe
adobe
APSB21-30 Security updates available for Magento
2021-05-11 00:00:00