Description

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.

Remediation

References

CVE-2020-9587

Related Vulnerabilities

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7888)

Piwigo Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2023-44393)

WordPress Plugin bib2html Cross-Site Scripting (0.9.3)

WordPress Plugin Listing, Classified Ads & Business Directory-uListing Multiple Vulnerabilities (1.6.6)

IBM RTC Cross-site Scripting (XSS) Vulnerability (CVE-2020-4691)

Severity

High

Classification

CVE-2020-9587 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities