CVSS score: 7.5
CWE: CWE-79 (Cross-site Scripting)
Status: Advisory Published

GHSA-9j5w-2cqc-cwj9: XSS

First published: Fri Dec 08 2023

From HackerOne report [#1948040](https://hackerone.com/reports/1948040) by Halit AKAYDIN (hltakydn)

### Impact

_What kind of vulnerability is it? Who is impacted?_

The TinyMCE WYSIWYG editor fails to filter scripts when rendering HTML that contains specially crafted HTML tags.

### Patches

_Has the problem been patched? What versions should users upgrade to?_

This vulnerability was fixed in version 20.2.0 by upgrading TinyMCE to a recent version in https://github.com/OpenMage/magento-lts/pull/3220

### Workarounds

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

The WYSIWYG editor features can be disabled in the configuration. Some WAF appliances may filter this attack.

### References

_Are there any links users can visit to find out more?_

The attack is simply an exploit of the "onmouseover" attribute of an `img` element, as described in the [OWASP XSS Filter Evasion Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html).
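The advisory's root cause is an event-handler attribute (`onmouseover` on an `img` element) passing through the editor's filtering into rendered HTML. The following JavaScript is an added example, not code from the OpenMage project or from TinyMCE: a small allowlist sanitizer of the kind a server would run on submitted WYSIWYG content as defense in depth, independent of the editor version. It drops every `on*` attribute, every attribute not on the allowlist, and every `href`/`src` whose scheme is not http, https or mailto (after decoding numeric entities, so `java&#9;script:` is caught), and it reports what it dropped so the event can be logged. The tag and attribute allowlists, the function names and the sample inputs are assumptions constructed for the example.

```javascript
// Added example (not OpenMage's or TinyMCE's own code): allowlist sanitizer for
// HTML fragments submitted through a WYSIWYG editor. The allowlists below are
// illustrative assumptions; a real deployment would derive them from the
// markup the editor is actually expected to produce.

const ALLOWED_TAGS = new Set(['p', 'b', 'i', 'em', 'strong', 'a', 'img', 'br', 'ul', 'ol', 'li']);
const ALLOWED_ATTRS = {
  a: new Set(['href', 'title']),
  img: new Set(['src', 'alt', 'width', 'height']),
};
const URL_ATTRS = new Set(['href', 'src']);
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto']);

// One attribute: a name, optionally "= value" in double, single or no quotes.
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>`]+)))?/g;
// One token: an open/close tag, a run of text, or a stray "<".
const TOKEN_RE = /<\/?([a-zA-Z][a-zA-Z0-9]*)([^>]*)>|[^<]+|</g;

function decodeNumericEntities(s) {
  return s.replace(/&#(x[0-9a-f]+|\d+);?/gi, (_, code) => {
    const cp = code[0].toLowerCase() === 'x' ? parseInt(code.slice(1), 16) : parseInt(code, 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : '';
  });
}

function safeUrl(value) {
  // Decode entities and strip control/whitespace characters before reading the
  // scheme, so the check sees what the browser would see after parsing.
  const decoded = decodeNumericEntities(value).replace(/[\u0000-\u0020]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(decoded);
  return m === null || SAFE_SCHEMES.has(m[1].toLowerCase()); // no scheme = relative URL
}

function escapeAttr(value) {
  return value.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function escapeText(text) {
  return text.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Returns { html, dropped }: the re-serialized fragment and a list of "tag@attr"
// entries that were removed, which is the signal worth logging or alerting on.
function sanitizeHtml(html) {
  const dropped = [];
  const out = html.replace(TOKEN_RE, (tok, name, rest) => {
    if (name === undefined) return escapeText(tok);       // text or stray "<"
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) return '';                 // unknown tag: drop it, keep its text
    if (tok.startsWith('</')) return `</${tag}>`;
    const allowed = ALLOWED_ATTRS[tag] || new Set();
    const attrs = [];
    for (const m of rest.matchAll(ATTR_RE)) {
      const attr = m[1].toLowerCase();
      const value = m[2] ?? m[3] ?? m[4] ?? '';
      const isHandler = attr.startsWith('on');             // onmouseover, onerror, ...
      const badUrl = URL_ATTRS.has(attr) && !safeUrl(value);
      if (isHandler || !allowed.has(attr) || badUrl) {
        dropped.push(`${tag}@${attr}`);
        continue;
      }
      attrs.push(` ${attr}="${escapeAttr(value)}"`);       // always re-quote on output
    }
    return `<${tag}${attrs.join('')}>`;
  });
  return { html: out, dropped };
}

// Constructed sample input modelled on the advisory's description.
const sample = '<p>Hi</p><img src="/media/x.png" onmouseover="alert(1)">';
console.log(sanitizeHtml(sample));
// { html: '<p>Hi</p><img src="/media/x.png">', dropped: [ 'img@onmouseover' ] }
```

The regex tokenizer is enough to show the check, but it is not a full HTML parser; for production use, run a parser-based sanitizer such as HTML Purifier on the PHP side or DOMPurify in the browser, and keep the TinyMCE upgrade from the advisory as the primary fix. A non-empty `dropped` list on a request is a useful detection signal, since legitimate editor output should never contain handler attributes.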

| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/openmage/magento-lts | <20.2.0 | Upgrade to 20.2.0 |


Frequently Asked Questions

  • What is the impact of GHSA-9j5w-2cqc-cwj9 vulnerability?

    The TinyMCE WYSIWYG editor fails to filter scripts when rendering the HTML in specially crafted HTML tags.

  • How can GHSA-9j5w-2cqc-cwj9 vulnerability be exploited?

    By using specially crafted HTML tags to inject malicious scripts into the TinyMCE WYSIWYG editor.

  • What is the severity of GHSA-9j5w-2cqc-cwj9 vulnerability?

    The severity of GHSA-9j5w-2cqc-cwj9 vulnerability is high with a CVSS score of 7.5.

  • How can I patch GHSA-9j5w-2cqc-cwj9 vulnerability?

    Update the OpenMage Magento LTS package to version 20.2.0 or higher.

  • Where can I find more information about GHSA-9j5w-2cqc-cwj9 vulnerability?

    You can find more information about GHSA-9j5w-2cqc-cwj9 vulnerability in the following references:

    - [GitHub Security Advisory](https://github.com/OpenMage/magento-lts/security/advisories/GHSA-9j5w-2cqc-cwj9)
    - [GitHub Pull Request](https://github.com/OpenMage/magento-lts/pull/3220)
    - [HackerOne Report](https://hackerone.com/reports/1948040)
