CVE-2015-2068 – dweeves/magmi

Package

Manager: composer
Name: dweeves/magmi
Vulnerable Version: >=0 <0.7.22

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

EPSS: 0.05406 pctl0.89762

Details

MAGMI cross-site scripting (XSS) Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.

Metadata

Created: 2022-05-13T01:25:28Z
Modified: 2024-04-24T18:40:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-27v2-398x-f74x/GHSA-27v2-398x-f74x.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-27v2-398x-f74x
Finding: F425
Auto approve: 1