Total vulnerabilities in the database
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.
| Software | From | Fixed in |
|---|---|---|
| magento / magento | - | 2.3.6 |
| magento / magento | 2.4.1 | 2.4.1.x |
| magento / magento | 2.4.0 | 2.4.0.x |
| magento / magento | 2.4.0-p1 | 2.4.0-p1.x |
| magento / magento | 2.3.6 | 2.3.6.x |