What is CVE-2024-20719 — XSS in Magento Community Edition?

CVE-2024-20719 is a critical stored Cross-Site Scripting (XSS) vulnerability in Magento Community Edition versions 2.4.6-p3 and earlier, allowing attackers to inject malicious scripts into admin pages.

Am I affected by CVE-2024-20719 in Magento Community Edition?

Yes, if you are running Magento Community Edition versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6, or earlier, you are affected by this vulnerability.

How do I fix CVE-2024-20719 in Magento Community Edition?

Upgrade Magento Community Edition to version 2.4.4 or later to resolve this vulnerability. Implement WAF rules and restrict admin panel access as temporary mitigations.

Is CVE-2024-20719 being actively exploited?

While no confirmed exploitation has been publicly reported, the vulnerability's criticality and ease of exploitation suggest a high probability of exploitation.

Where can I find the official Magento advisory for CVE-2024-20719?

Refer to the official Magento Security Advisories page for details: https://devdocs.magento.com/security/

CVE-2024-20719 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2024-20719 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• wordpress / composer / npm:

grep -r "<script" /var/www/html/app/code/Magento/Admin/block/

• generic web:

curl -I https://your-magento-site.com/admin/ | grep -i "X-XSS-Protection"

• generic web:

curl -I https://your-magento-site.com/admin/ | grep -i "Content-Security-Policy"

Magento Open Source permite Cross-Site Scripting (XSS)

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigir

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2024-20719 — XSS in Magento Community Edition?

Am I affected by CVE-2024-20719 in Magento Community Edition?

How do I fix CVE-2024-20719 in Magento Community Edition?

Is CVE-2024-20719 being actively exploited?

Where can I find the official Magento advisory for CVE-2024-20719?

Informações do pacote

Seu projeto está afetado?