CNNVD-202511-487 Information

CNNVD ID

CNNVD-202511-487

Related CVE

CVE-2025-64174

• CNNVD Published: 2025-11-06

Description (Chinese)

magento-lts是OpenMage开源的一个用于Magento CE官方版本的可靠替代品。 magento-lts 20.15.0及之前版本存在安全漏洞，该漏洞源于未转义的翻译字符串和URL被打印到特定上下文中，可能导致存储型跨站脚本攻击。

Description (English)

Magento-lts is a reliable alternative for the official version of Magento CE from OpenMage Open Source. There is a security loophole in the magento-lts 20.15.0 and earlier versions, which stems from unconverted translation strings and URLs printed in a given context, which may result in storage-type cross-site script attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

OpenMage

Published

2025-11-06

Last Modified

2026-02-24

References

https://github.com/OpenMage/magento-lts/commit/9d604f5489851c54a96fca31b0e13c414b0fb20a https://github.com/OpenMage/magento-lts/security/advisories/GHSA-qv78-c8hc-438r

Patch

https://github.com/OpenMage/magento-lts/releases