Summary OpenMage is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details Mage_Adminhtml_Block_System_Config_Form_Field_File does not escape filename value in certain situations. Same as: https://nvd.nist.gov/vuln/detail/CVE-2024-20717 PoC Create empty file with this filename: <img src=x onerror=alert(1)>.crt Go to System > Configuration > Sales | Payment Methonds. Click Configure on PayPal Express Checkout. Choose API Certificate from dropdown API Authentication Methods. Choose the XSS-file and click Save Config. Profit, alerts "1" -> XSS. Reload, alerts "1" -> Stored XSS. Impact Affects admins that have access to any fileupload field in admin in core or custom implementations. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable…Read More