Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/magento/community-edition@2.4.5-p7
Typecomposer
Namespacemagento
Namecommunity-edition
Version2.4.5-p7
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.4.5-p8
Latest_non_vulnerable_version2.4.9-alpha3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-hwb9-yxzn-zub5
vulnerability_id VCID-hwb9-yxzn-zub5
summary 
Magento Open Source allows Cross-Site Scripting (XSS)
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-20759
reference_id
reference_type
scores
0
value 0.01627
scoring_system epss
scoring_elements 0.82182
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-20759
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-18.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:07Z/
url https://helpx.adobe.com/security/products/magento/apsb24-18.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-20759
reference_id CVE-2024-20759
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-20759
4
reference_url https://github.com/advisories/GHSA-59vf-hjxc-f9c5
reference_id GHSA-59vf-hjxc-f9c5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59vf-hjxc-f9c5
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p8
purl pkg:composer/magento/community-edition@2.4.4-p8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8
1
url pkg:composer/magento/community-edition@2.4.5-p7
purl pkg:composer/magento/community-edition@2.4.5-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7
2
url pkg:composer/magento/community-edition@2.4.6-p5
purl pkg:composer/magento/community-edition@2.4.6-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5
3
url pkg:composer/magento/community-edition@2.4.7
purl pkg:composer/magento/community-edition@2.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11ed-qtc7-bqbg
1
vulnerability VCID-17xq-rhcp-z3hj
2
vulnerability VCID-1wxk-rhfp-qqgp
3
vulnerability VCID-1yj1-79jb-wyht
4
vulnerability VCID-2495-ugn7-v7fk
5
vulnerability VCID-27w8-khpp-c7hk
6
vulnerability VCID-29fa-krur-qqbv
7
vulnerability VCID-2eq5-hm5y-f3f4
8
vulnerability VCID-3hcd-r9gs-cfgh
9
vulnerability VCID-3jns-w9p4-jyca
10
vulnerability VCID-3sn5-689e-cbhk
11
vulnerability VCID-3tpy-wktb-wqdj
12
vulnerability VCID-3v4v-ysx5-77gs
13
vulnerability VCID-3vpy-uswf-5ugc
14
vulnerability VCID-3wnx-e9kp-fkg7
15
vulnerability VCID-46mz-swkk-suhn
16
vulnerability VCID-4kg3-wkw1-vqhy
17
vulnerability VCID-4w8w-6563-3kfb
18
vulnerability VCID-53d5-qzm4-vfgs
19
vulnerability VCID-5bn1-w5sa-ubft
20
vulnerability VCID-5du3-fvj3-87h7
21
vulnerability VCID-5fmh-e4j7-nbcf
22
vulnerability VCID-5tkb-ngcw-t7ap
23
vulnerability VCID-6g84-aswq-5kfb
24
vulnerability VCID-6mxj-tzme-zyhb
25
vulnerability VCID-6srg-smmw-hycj
26
vulnerability VCID-7dbc-v42e-j7d6
27
vulnerability VCID-7dzy-1fxw-xfes
28
vulnerability VCID-8crc-kmpq-63bd
29
vulnerability VCID-94sc-9fyk-2uay
30
vulnerability VCID-96gx-zvab-yyhe
31
vulnerability VCID-9gte-ub5c-mqas
32
vulnerability VCID-a2mn-k8qn-j7c9
33
vulnerability VCID-a9hc-nhv2-7ubx
34
vulnerability VCID-ac6e-denb-w7hy
35
vulnerability VCID-annu-j9a3-xkhs
36
vulnerability VCID-ctr3-kt63-hybf
37
vulnerability VCID-d372-f5hu-1bhr
38
vulnerability VCID-d6u8-dhmd-x3ed
39
vulnerability VCID-dqfx-d99q-jyd1
40
vulnerability VCID-ekn2-uahd-4qgw
41
vulnerability VCID-enwr-t7r8-xyge
42
vulnerability VCID-euam-6b48-suhg
43
vulnerability VCID-ewjp-uxup-gqex
44
vulnerability VCID-f5jj-23tj-wkbu
45
vulnerability VCID-f6vc-8z9a-cqej
46
vulnerability VCID-ft2p-3a61-wudj
47
vulnerability VCID-gdh1-vff1-cfc2
48
vulnerability VCID-gf2z-99wt-3qcg
49
vulnerability VCID-gkb3-ddu2-qyg6
50
vulnerability VCID-gyd8-hu6s-wkgt
51
vulnerability VCID-hbre-ty72-g7gy
52
vulnerability VCID-hcbc-9c78-yye6
53
vulnerability VCID-jbs3-xb4d-j3gz
54
vulnerability VCID-jbzd-yjne-6ucr
55
vulnerability VCID-jede-wz7z-2ugt
56
vulnerability VCID-jehy-k235-4ua9
57
vulnerability VCID-jg5k-6vqh-57ey
58
vulnerability VCID-jnsk-z1qy-8uh7
59
vulnerability VCID-k55s-dcep-mbbk
60
vulnerability VCID-khdx-kb5m-qyd7
61
vulnerability VCID-kumb-xzbe-5fb3
62
vulnerability VCID-mcuv-294k-5qc4
63
vulnerability VCID-mgk4-9tan-a7fj
64
vulnerability VCID-mgxx-zdm4-9fe7
65
vulnerability VCID-mwg1-4tbg-53cg
66
vulnerability VCID-ntcr-n7fp-j3ab
67
vulnerability VCID-p84d-d8gt-ukck
68
vulnerability VCID-qsq4-2nz1-p7hu
69
vulnerability VCID-qxz4-rh86-cfcu
70
vulnerability VCID-rgfy-hqz1-zyb4
71
vulnerability VCID-rhp2-bwp6-k3d4
72
vulnerability VCID-rv3b-5ja1-dkdv
73
vulnerability VCID-t1ba-h3yd-yydc
74
vulnerability VCID-t5m6-39fh-zfhg
75
vulnerability VCID-tk7j-4vsm-e7c6
76
vulnerability VCID-tn7z-sztq-hbax
77
vulnerability VCID-u3gt-rhgh-p7ax
78
vulnerability VCID-uv6e-ctrt-eycw
79
vulnerability VCID-v7r7-xtq1-gug6
80
vulnerability VCID-v7ru-7kga-2bet
81
vulnerability VCID-vjad-xkj2-nygh
82
vulnerability VCID-vthq-tuqs-5fg9
83
vulnerability VCID-vvzs-mjes-e3eq
84
vulnerability VCID-wdvt-5z3a-5bc2
85
vulnerability VCID-weqh-3ye3-nbbp
86
vulnerability VCID-xde9-dz52-1fgp
87
vulnerability VCID-xm9z-aqhf-uqft
88
vulnerability VCID-y9ew-ydqv-4kbf
89
vulnerability VCID-yh52-jggb-jfgx
90
vulnerability VCID-yjgp-6ntk-xbc3
91
vulnerability VCID-ypqs-5ju2-hkcz
92
vulnerability VCID-yzdu-4cnk-5uft
93
vulnerability VCID-z8qf-cqwg-zkan
94
vulnerability VCID-zacs-wg6m-qyg4
95
vulnerability VCID-zgzb-haur-s7aq
96
vulnerability VCID-zwsv-4q8h-x3e7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7
aliases CVE-2024-20759, GHSA-59vf-hjxc-f9c5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwb9-yxzn-zub5
1
url VCID-pqpk-dh2p-4yc8
vulnerability_id VCID-pqpk-dh2p-4yc8
summary 
Magento Open Source allows Improper Input Validation
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-20758
reference_id
reference_type
scores
0
value 0.02201
scoring_system epss
scoring_elements 0.84703
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-20758
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-18.html
reference_id
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:06Z/
url https://helpx.adobe.com/security/products/magento/apsb24-18.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-20758
reference_id CVE-2024-20758
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-20758
4
reference_url https://github.com/advisories/GHSA-wh4m-6rh3-p4rq
reference_id GHSA-wh4m-6rh3-p4rq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wh4m-6rh3-p4rq
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p8
purl pkg:composer/magento/community-edition@2.4.4-p8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8
1
url pkg:composer/magento/community-edition@2.4.5-p7
purl pkg:composer/magento/community-edition@2.4.5-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7
2
url pkg:composer/magento/community-edition@2.4.6-p5
purl pkg:composer/magento/community-edition@2.4.6-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5
3
url pkg:composer/magento/community-edition@2.4.7
purl pkg:composer/magento/community-edition@2.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11ed-qtc7-bqbg
1
vulnerability VCID-17xq-rhcp-z3hj
2
vulnerability VCID-1wxk-rhfp-qqgp
3
vulnerability VCID-1yj1-79jb-wyht
4
vulnerability VCID-2495-ugn7-v7fk
5
vulnerability VCID-27w8-khpp-c7hk
6
vulnerability VCID-29fa-krur-qqbv
7
vulnerability VCID-2eq5-hm5y-f3f4
8
vulnerability VCID-3hcd-r9gs-cfgh
9
vulnerability VCID-3jns-w9p4-jyca
10
vulnerability VCID-3sn5-689e-cbhk
11
vulnerability VCID-3tpy-wktb-wqdj
12
vulnerability VCID-3v4v-ysx5-77gs
13
vulnerability VCID-3vpy-uswf-5ugc
14
vulnerability VCID-3wnx-e9kp-fkg7
15
vulnerability VCID-46mz-swkk-suhn
16
vulnerability VCID-4kg3-wkw1-vqhy
17
vulnerability VCID-4w8w-6563-3kfb
18
vulnerability VCID-53d5-qzm4-vfgs
19
vulnerability VCID-5bn1-w5sa-ubft
20
vulnerability VCID-5du3-fvj3-87h7
21
vulnerability VCID-5fmh-e4j7-nbcf
22
vulnerability VCID-5tkb-ngcw-t7ap
23
vulnerability VCID-6g84-aswq-5kfb
24
vulnerability VCID-6mxj-tzme-zyhb
25
vulnerability VCID-6srg-smmw-hycj
26
vulnerability VCID-7dbc-v42e-j7d6
27
vulnerability VCID-7dzy-1fxw-xfes
28
vulnerability VCID-8crc-kmpq-63bd
29
vulnerability VCID-94sc-9fyk-2uay
30
vulnerability VCID-96gx-zvab-yyhe
31
vulnerability VCID-9gte-ub5c-mqas
32
vulnerability VCID-a2mn-k8qn-j7c9
33
vulnerability VCID-a9hc-nhv2-7ubx
34
vulnerability VCID-ac6e-denb-w7hy
35
vulnerability VCID-annu-j9a3-xkhs
36
vulnerability VCID-ctr3-kt63-hybf
37
vulnerability VCID-d372-f5hu-1bhr
38
vulnerability VCID-d6u8-dhmd-x3ed
39
vulnerability VCID-dqfx-d99q-jyd1
40
vulnerability VCID-ekn2-uahd-4qgw
41
vulnerability VCID-enwr-t7r8-xyge
42
vulnerability VCID-euam-6b48-suhg
43
vulnerability VCID-ewjp-uxup-gqex
44
vulnerability VCID-f5jj-23tj-wkbu
45
vulnerability VCID-f6vc-8z9a-cqej
46
vulnerability VCID-ft2p-3a61-wudj
47
vulnerability VCID-gdh1-vff1-cfc2
48
vulnerability VCID-gf2z-99wt-3qcg
49
vulnerability VCID-gkb3-ddu2-qyg6
50
vulnerability VCID-gyd8-hu6s-wkgt
51
vulnerability VCID-hbre-ty72-g7gy
52
vulnerability VCID-hcbc-9c78-yye6
53
vulnerability VCID-jbs3-xb4d-j3gz
54
vulnerability VCID-jbzd-yjne-6ucr
55
vulnerability VCID-jede-wz7z-2ugt
56
vulnerability VCID-jehy-k235-4ua9
57
vulnerability VCID-jg5k-6vqh-57ey
58
vulnerability VCID-jnsk-z1qy-8uh7
59
vulnerability VCID-k55s-dcep-mbbk
60
vulnerability VCID-khdx-kb5m-qyd7
61
vulnerability VCID-kumb-xzbe-5fb3
62
vulnerability VCID-mcuv-294k-5qc4
63
vulnerability VCID-mgk4-9tan-a7fj
64
vulnerability VCID-mgxx-zdm4-9fe7
65
vulnerability VCID-mwg1-4tbg-53cg
66
vulnerability VCID-ntcr-n7fp-j3ab
67
vulnerability VCID-p84d-d8gt-ukck
68
vulnerability VCID-qsq4-2nz1-p7hu
69
vulnerability VCID-qxz4-rh86-cfcu
70
vulnerability VCID-rgfy-hqz1-zyb4
71
vulnerability VCID-rhp2-bwp6-k3d4
72
vulnerability VCID-rv3b-5ja1-dkdv
73
vulnerability VCID-t1ba-h3yd-yydc
74
vulnerability VCID-t5m6-39fh-zfhg
75
vulnerability VCID-tk7j-4vsm-e7c6
76
vulnerability VCID-tn7z-sztq-hbax
77
vulnerability VCID-u3gt-rhgh-p7ax
78
vulnerability VCID-uv6e-ctrt-eycw
79
vulnerability VCID-v7r7-xtq1-gug6
80
vulnerability VCID-v7ru-7kga-2bet
81
vulnerability VCID-vjad-xkj2-nygh
82
vulnerability VCID-vthq-tuqs-5fg9
83
vulnerability VCID-vvzs-mjes-e3eq
84
vulnerability VCID-wdvt-5z3a-5bc2
85
vulnerability VCID-weqh-3ye3-nbbp
86
vulnerability VCID-xde9-dz52-1fgp
87
vulnerability VCID-xm9z-aqhf-uqft
88
vulnerability VCID-y9ew-ydqv-4kbf
89
vulnerability VCID-yh52-jggb-jfgx
90
vulnerability VCID-yjgp-6ntk-xbc3
91
vulnerability VCID-ypqs-5ju2-hkcz
92
vulnerability VCID-yzdu-4cnk-5uft
93
vulnerability VCID-z8qf-cqwg-zkan
94
vulnerability VCID-zacs-wg6m-qyg4
95
vulnerability VCID-zgzb-haur-s7aq
96
vulnerability VCID-zwsv-4q8h-x3e7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7
aliases CVE-2024-20758, GHSA-wh4m-6rh3-p4rq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqpk-dh2p-4yc8
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7