XPath Injection in Openmage Magento-lts

CVE-2021-32758

OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage versions up from v19.4.1…

EPSS: 0.004 (58.5th percentile).

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2021-32758?
CVE-2021-32758 is a high-severity vulnerability in Openmage Magento-lts, classified under XML Injection (Blind XPath Injection). CVSS score: 7.2/10. Published 2021-08-27.

How severe is CVE-2021-32758?
High severity. CVSS v3 base score is 7.2 out of 10.