Vulnerability Database

290,020

Total vulnerabilities in the database

Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor

From HackerOne report #1948040 by Halit AKAYDIN (hltakydn)

Impact

What kind of vulnerability is it? Who is impacted?

The TinyMCE WYSIWYG editor fails to filter scripts when rendering the HTML in specially crafted HTML tags.

Patches

Has the problem been patched? What versions should users upgrade to?

This vulnerability was fixed in version 20.2.0 by upgrading TinyMCE to a recent version in https://github.com/OpenMage/magento-lts/pull/3220

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

The WYSIWYG editor features could be disabled in the configuration. Possibly some WAF appliances would filter this attack.

References

Are there any links users can visit to find out more?

The attack is simply an exploit of the "onmouseover" attribute of an img element as described on OWASP XSS Filter Evasion

CVSS v3:

  • Severity: Unknown
  • Score:
  • AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

CWEs:

OWASP TOP 10:

Software From Fixed in
openmage / magento-lts - 20.2.0