Vulnerabilities in OpenMage
27 results

CVE-2026-25523 | MEDIUM | Magento's X-Original-Url header can expose admin url | EPSS 0.3%
CVE-2026-42155 | CRITICAL | Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs | EPSS 0.3%
CVE-2026-42458 | MEDIUM | Magento LTS: Reflected XSS - Import -> Data Flow (profiles) | EPSS 0.3%
CVE-2025-27400 | LOW | Magento vulnerable to stored XSS in theme config fields | EPSS 0.2%
CVE-2025-64174 | MEDIUM | OpenMage is vulnerable to XSS in Admin Notifications | EPSS 0.2%
CVE-2026-40098 | MEDIUM | OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant | EPSS 0.2%
CVE-2026-42207 | MEDIUM | Magento LTS: Open Redirect via Unvalidated `uenc` Parameter in `stockAction()` - magento-lts | EPSS 0.1%