
Commit 9039cc2

1 parent e5079b7 commit 9039cc2


4 files changed

+346
-72
lines changed

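--- /dev/null
+++ b/[PATH_NOT_SHOWN_ON_PAGE]/GHSA-mmp7-8cg4-9wrg.json
@@ -0,0 +1,173 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-mmp7-8cg4-9wrg",
+"modified": "2025-11-06T17:19:31Z",
+"published": "2024-08-14T12:35:01Z",
+"aliases": [
+"CVE-2024-39403"
+],
+"summary": "Magento Stored Cross-Site Scripting (XSS) vulnerability ",
+"details": "Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/project-community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"last_affected": "2.0.2"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.4.7-beta1"
+},
+{
+"fixed": "2.4.7-p2"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.4.6-p1"
+},
+{
+"fixed": "2.4.6-p7"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.4.5-p1"
+},
+{
+"fixed": "2.4.5-p9"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.4.4-p1"
+},
+{
+"fixed": "2.4.4-p10"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"versions": [
+"2.4.7"
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"versions": [
+"2.4.6"
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"versions": [
+"2.4.5"
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"versions": [
+"2.4.4"
+]
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39403"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/magento/magento2"
+},
+{
+"type": "WEB",
+"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-79"
+],
+"severity": "HIGH",
+"github_reviewed": true,
+"github_reviewed_at": "2025-11-06T17:19:31Z",
+"nvd_published_at": "2024-08-14T12:15:25Z"
+}
+}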
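Review bot: The `summary` value on line 9 of this file ends with a trailing space (`"Magento Stored Cross-Site Scripting (XSS) vulnerability "`), which OSV consumers will display verbatim and which defeats exact-match comparison with the NVD title; it should read `"summary": "Magento Stored Cross-Site Scripting (XSS) vulnerability",`. The `details` text also states that 2.4.4-p9 "and earlier" are affected, yet the `affected` entries for magento/community-edition begin at `"introduced": "2.4.4-p1"` plus the bare `2.4.4`–`2.4.7` version entries, so a scanner matching a 2.4.3 or older install against this record will most likely not flag it. If leaving out the end-of-life release lines is deliberate database convention that is acceptable, but otherwise an additional range with `"introduced": "0"` and no `fixed` event would make the record match the prose. The same coverage gap is present in the GHSA-q628-54wg-4r5q file below, whose `affected` array is identical.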
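--- /dev/null
+++ b/[PATH_NOT_SHOWN_ON_PAGE]/GHSA-q628-54wg-4r5q.json
@@ -0,0 +1,173 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-q628-54wg-4r5q",
+"modified": "2025-11-06T17:19:16Z",
+"published": "2024-08-14T12:35:01Z",
+"aliases": [
+"CVE-2024-39398"
+],
+"summary": "Magento does not properly restrict excessive authentication attempts",
+"details": "Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/project-community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"last_affected": "2.0.2"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.4.7-beta1"
+},
+{
+"fixed": "2.4.7-p2"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.4.6-p1"
+},
+{
+"fixed": "2.4.6-p7"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.4.5-p1"
+},
+{
+"fixed": "2.4.5-p9"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.4.4-p1"
+},
+{
+"fixed": "2.4.4-p10"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"versions": [
+"2.4.7"
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"versions": [
+"2.4.6"
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"versions": [
+"2.4.5"
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"versions": [
+"2.4.4"
+]
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39398"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/magento/magento2"
+},
+{
+"type": "WEB",
+"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-307"
+],
+"severity": "HIGH",
+"github_reviewed": true,
+"github_reviewed_at": "2025-11-06T17:19:16Z",
+"nvd_published_at": "2024-08-14T12:15:24Z"
+}
+}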

advisories/unreviewed/2024/08/GHSA-mmp7-8cg4-9wrg/GHSA-mmp7-8cg4-9wrg.json

Lines changed: 0 additions & 36 deletions
This file was deleted.
