CVE-2025-27400

LOW Year: 2025
CVSS v3 Score
2.9
Low
Weakness Type
CWE-79
View all →

Vulnerability Description

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.1 contain a vulnerability that allows script execution in the admin panel which could lead to cross-site scripting against authenticated admin users. The attack requires an admin user with configuration access, so in practicality it is not very likely to be useful given that a user with this level of access is probably already a full admin. Versions 20.12.3 and 20.13.1 contain a patch for the issue.

Related Vulnerabilities

CVE-2021-38895

LOW
CVSS:3.0(Low)

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fu...

CWE-792021

CVE-2022-33994

LOW
CVSS:3.0(Low)

The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context ...

CWE-792022

CVE-2016-0370

LOW
CVSS:2.7(Low)

Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an a...

CWE-792016

CVE-2018-0532

LOW
CVSS:2.7(Low)

Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.

CWE-792018

CVE-2022-4617

LOW
CVSS:2.7(Low)

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.

CWE-792022