CVE-2025-27400
LOW2.9EPSS 0.20%Magento LTS vulnerable to stored XSS in theme config fields
Published: 3/3/2025Modified: 3/3/2025
Also known as:GHSA-5pxh-89cx-4668
Description
As reported by [Aakash Adhikari](https://hackerone.com/dark_haxor), Github: @justlife4x4, the Design > Themes > Skin (Images / CSS) config field allows a Stored XSS when it contains an end script tag. ### Impact A malicious user with access to this configuration field could use a Stored XSS to affect other authenticated admin users in the admin panel. The attack requires an admin user with configuration access, so in practice, it is not very likely to be used for gaining elevated privileges, although it could theoretically be used to impersonate other users. 
Affected packages (1)
- Packagist/openmage/magento-ltsfrom 0, < 20.12.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW2.9 | CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-27400
- PATCHhttps://github.com/OpenMage/magento-lts
- WEBhttps://github.com/OpenMage/magento-lts/commit/d307e5bf75729a2347dde0952fe9fd9fcd9c6aea
- WEBhttps://github.com/OpenMage/magento-lts/releases/tag/v20.12.3
- WEBhttps://github.com/OpenMage/magento-lts/releases/tag/v20.13.0
- WEBhttps://github.com/OpenMage/magento-lts/security/advisories/GHSA-5pxh-89cx-4668