magento/community-edition Security Advisories for 2.4.5-p11 (4)
- [CRITICAL] Magento Community Edition Improper Input Validation vulnerability
PKSA-zy5h-f76g-zq5h CVE-2025-54236 GHSA-wh92-6q6g-px7j
Affected version: =2.4.9|>=2.4.8-beta1,<=2.4.8-p2|>=2.4.7-beta1,<=2.4.7-p7|=2.4.8|=2.4.7|>=2.4.9-alpha1,<=2.4.9-alpha2|=2.4.5|>=2.4.6-p1,<=2.4.6-p12|=2.4.6|<=2.4.5-p14
Reported by: GitHub
- [HIGH] Magento Cross-site Scripting vulnerability
PKSA-j53w-rgct-w5r6 CVE-2025-49557 GHSA-8mq8-c243-2335
Affected version: =2.4.8|>=2.4.7-p1,<2.4.7-p7|>=2.4.6-p1,<2.4.6-p12|>=2.4.5-p1,<2.4.5-p14|<2.4.4-p15
Reported by: GitHub
- [CRITICAL] Magento contains stored XSS vulnerability
PKSA-rb7h-1s2b-4dwg CVE-2025-47110 GHSA-j934-vjh5-vf9r
Affected version: =2.4.6|>=2.4.6-p1,<2.4.6-p11|=2.4.5|=2.4.8|=2.4.7|<2.4.5-p13|>=2.4.7-beta1,<2.4.7-p6|>=2.4.8-beta1,<2.4.8-p1
Reported by: GitHub
- [MEDIUM] Magento Improper Authorization vulnerability
PKSA-w3p3-6vqg-qcmr CVE-2025-27188 GHSA-rr2g-rrjj-xw86
Affected version: >=2.4.8-beta1,<2.4.8|=2.4.7|>=2.4.7-p1,<2.4.7-p5|>=2.4.6-p1,<2.4.6-p10|>=2.4.5-p1,<2.4.5-p12|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p13
Reported by: GitHub