{"url":"http://public2.vulnerablecode.io/api/packages/65942?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p2","type":"composer","namespace":"magento","name":"community-edition","version":"2.4.4-p2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.4-p3","latest_non_vulnerable_version":"2.4.9-alpha3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45582?format=json","vulnerability_id":"VCID-7ewa-w75h-qfdy","summary":"Magento Open Source allows Cross-Site Scripting (XSS)\nAdobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.","references":[{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22249","reference_id":"CVE-2023-22249","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22249"},{"reference_url":"https://github.com/advisories/GHSA-fxcr-gvcw-hmqm","reference_id":"GHSA-fxcr-gvcw-hmqm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fxcr-gvcw-hmqm"}],"fixed_packages":[],"aliases":["CVE-2023-22249","GHSA-fxcr-gvcw-hmqm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ewa-w75h-qfdy"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p2"}