{ "schema_version": "1.4.0", "id": "GHSA-rjjw-g6hw-7pc9", "modified": "2025-02-28T02:37:06Z", "published": "2025-02-11T18:31:41Z", "aliases": [ "CVE-2025-24416" ], "summary": "Magento Stored Cross-Site Scripting (XSS) Vulnerability", "details": "Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" } ], "affected": [ { "package": { "ecosystem": "Packagist", "name": "magento/community-edition" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "2.4.7-beta1" }, { "fixed": "2.4.7-p4" } ] } ] }, { "package": { "ecosystem": "Packagist", "name": "magento/community-edition" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "2.4.6-p1" }, { "fixed": "2.4.6-p9" } ] } ] }, { "package": { "ecosystem": "Packagist", "name": "magento/community-edition" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "2.4.5-p1" }, { "fixed": "2.4.5-p11" } ] } ] }, { "package": { "ecosystem": "Packagist", "name": "magento/community-edition" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.4.4-p12" } ] } ] }, { "package": { "ecosystem": "Packagist", "name": "magento/community-edition" }, "versions": [ "2.4.7" ] }, { "package": { "ecosystem": "Packagist", "name": "magento/community-edition" }, "versions": [ "2.4.6" ] }, { "package": { "ecosystem": "Packagist", "name": "magento/community-edition" }, "versions": [ "2.4.5" ] }, { "package": { "ecosystem": "Packagist", "name": "magento/community-edition" }, "versions": [ "2.4.4" ] }, { "package": { "ecosystem": "Packagist", "name": "magento/community-edition" }, "versions": [ "2.4.8-beta1" ] }, { "package": { "ecosystem": "Packagist", "name": "magento/project-community-edition" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "last_affected": "2.0.2" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24416" }, { "type": "PACKAGE", "url": "https://github.com/magento/magento2" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" } ], "database_specific": { "cwe_ids": [ "CWE-79" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-02-28T02:37:05Z", "nvd_published_at": "2025-02-11T18:15:43Z" } }