CVE-2025-27400 (GCVE-0-2025-27400)

Vulnerability from cvelistv5 – Published: 2025-02-28 15:26 – Updated: 2025-08-26 19:32
VLAI?
Summary
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admin panel which could lead to cross-site scripting against authenticated admin users. The attack requires an admin user with configuration access, so in practicality it is not very likely to be useful given that a user with this level of access is probably already a full admin. Versions 20.12.3 and 20.13.0 contain a patch for the issue.
Severity ?
2.9 (Low)
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
Vendor Product Version
OpenMage magento-lts Affected: < 20.12.3
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27400",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T15:41:48.315159Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T19:32:15.324Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "magento-lts",
          "vendor": "OpenMage",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 20.12.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admin panel which could lead to cross-site scripting against authenticated admin users. The attack requires an admin user with configuration access, so in practicality it is not very likely to be useful given that a user with this level of access is probably already a full admin. Versions 20.12.3 and 20.13.0 contain a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-16T14:31:59.238Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5pxh-89cx-4668",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5pxh-89cx-4668"
        },
        {
          "name": "https://github.com/OpenMage/magento-lts/commit/d307e5bf75729a2347dde0952fe9fd9fcd9c6aea",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenMage/magento-lts/commit/d307e5bf75729a2347dde0952fe9fd9fcd9c6aea"
        },
        {
          "name": "https://github.com/OpenMage/magento-lts/releases/tag/v20.12.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.12.3"
        },
        {
          "name": "https://github.com/OpenMage/magento-lts/releases/tag/v20.13.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.13.0"
        }
      ],
      "source": {
        "advisory": "GHSA-5pxh-89cx-4668",
        "discovery": "UNKNOWN"
      },
      "title": "Magento vulnerable to stored XSS in theme config fields"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-27400",
    "datePublished": "2025-02-28T15:26:14.265Z",
    "dateReserved": "2025-02-24T15:51:17.267Z",
    "dateUpdated": "2025-08-26T19:32:15.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-27400\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-02-28T16:15:40.237\",\"lastModified\":\"2025-08-26T20:15:38.820\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admin panel which could lead to cross-site scripting against authenticated admin users. The attack requires an admin user with configuration access, so in practicality it is not very likely to be useful given that a user with this level of access is probably already a full admin. Versions 20.12.3 and 20.13.0 contain a patch for the issue.\"},{\"lang\":\"es\",\"value\":\"Magento Long Term Support (LTS) es un proyecto no oficial impulsado por la comunidad que ofrece una alternativa a la plataforma de comercio electr\u00f3nico Magento Community Edition con un alto nivel de compatibilidad con versiones anteriores. Las versiones anteriores a 20.12.3 y 20.13.1 contienen una vulnerabilidad que permite la ejecuci\u00f3n de scripts en el panel de administraci\u00f3n, lo que podr\u00eda provocar ataques de cross-site scripting contra usuarios administradores autenticados. El ataque requiere un usuario administrador con acceso a la configuraci\u00f3n, por lo que, en la pr\u00e1ctica, no es muy probable que sea \u00fatil dado que un usuario con este nivel de acceso probablemente ya sea un administrador completo. Las versiones 20.12.3 y 20.13.1 contienen un parche para el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L\",\"baseScore\":2.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.4,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/OpenMage/magento-lts/commit/d307e5bf75729a2347dde0952fe9fd9fcd9c6aea\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/OpenMage/magento-lts/releases/tag/v20.12.3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/OpenMage/magento-lts/releases/tag/v20.13.0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5pxh-89cx-4668\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27400\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-28T15:41:48.315159Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-28T15:43:11.693Z\"}}], \"cna\": {\"title\": \"Magento vulnerable to stored XSS in theme config fields\", \"source\": {\"advisory\": \"GHSA-5pxh-89cx-4668\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.9, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"OpenMage\", \"product\": \"magento-lts\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 20.12.3\"}]}], \"references\": [{\"url\": \"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5pxh-89cx-4668\", \"name\": \"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5pxh-89cx-4668\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/OpenMage/magento-lts/commit/d307e5bf75729a2347dde0952fe9fd9fcd9c6aea\", \"name\": \"https://github.com/OpenMage/magento-lts/commit/d307e5bf75729a2347dde0952fe9fd9fcd9c6aea\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenMage/magento-lts/releases/tag/v20.12.3\", \"name\": \"https://github.com/OpenMage/magento-lts/releases/tag/v20.12.3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenMage/magento-lts/releases/tag/v20.13.0\", \"name\": \"https://github.com/OpenMage/magento-lts/releases/tag/v20.13.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admin panel which could lead to cross-site scripting against authenticated admin users. The attack requires an admin user with configuration access, so in practicality it is not very likely to be useful given that a user with this level of access is probably already a full admin. Versions 20.12.3 and 20.13.0 contain a patch for the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-06-16T14:31:59.238Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-27400\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-26T19:32:15.324Z\", \"dateReserved\": \"2025-02-24T15:51:17.267Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-02-28T15:26:14.265Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.