cvedb.io
CVE-2024-41676
MEDIUM · CVSS 4.1
EPSS exploitation probability: 0%
Published 2024-07-29T15:15:16.040 · Last modified 2026-06-17T07:48:01.773

Summary

Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs.They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases. But because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. The problem is patched with Version 20.10.1 or higher.

Affected products

openmage — magento

Does this affect you?

Add your gear to cvedb and we'll alert you only when openmage ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.