{"id":"GHSA-mcfc-67vm-j568","summary":"Magento Cross-Site Scripting (XSS) vulnerability","details":"Magento Commerce and Open Source 2.2.6 and 2.1.15 contain multiple security enhancements that help close Cross-Site Scripting (XSS) and other vulnerabilities.","modified":"2024-11-29T05:54:33.512584Z","published":"2024-05-15T22:34:09Z","database_specific":{"github_reviewed_at":"2024-05-15T22:34:09Z","cwe_ids":[],"nvd_published_at":null,"github_reviewed":true,"severity":"MODERATE"},"references":[{"type":"WEB","url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/2018-09-10.yaml"},{"type":"PACKAGE","url":"https://github.com/magento/magento2"},{"type":"WEB","url":"https://web.archive.org/web/20210802082439/https://magento.com/security/patches/magento-2.2.6-and-2.1.15-security-update"}],"affected":[{"package":{"name":"magento/community-edition","ecosystem":"Packagist","purl":"pkg:composer/magento/community-edition"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.1"},{"fixed":"2.1.15"}]}],"versions":["2.1.0","2.1.0-rc1","2.1.0-rc2","2.1.0-rc3","2.1.1","2.1.10","2.1.11","2.1.12","2.1.13","2.1.14","2.1.2","2.1.3","2.1.4","2.1.5","2.1.6","2.1.7","2.1.8","2.1.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-mcfc-67vm-j568/GHSA-mcfc-67vm-j568.json"}},{"package":{"name":"magento/community-edition","ecosystem":"Packagist","purl":"pkg:composer/magento/community-edition"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.2"},{"fixed":"2.2.6"}]}],"versions":["2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.2.5"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-mcfc-67vm-j568/GHSA-mcfc-67vm-j568.json"}}],"schema_version":"1.7.3"}