CVE-2026-42458

Published: Mag 15, 2026 Last Modified: Mag 18, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: passive

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel -> System -> Import/Export -> Dataflow - Profiles. This vulnerability is fixed in 20.18.0.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0005

Percentile

0,1th

Updated

EPSS Score Trend (Last 5 Days)

Improper Neutralization of Alternate XSS Syntax

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/OpenMage/magento-lts/security/advisories…

https://github.com/OpenMage/magento-lts/security/advisories/GHSA-x8jv-q8j2-487c

https://github.com/OpenMage/magento-lts/security/advisories…

https://github.com/OpenMage/magento-lts/security/advisories/GHSA-x8jv-q8j2-487c

CVE-2026-42458

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 5 Days)

Improper Neutralization of Alternate XSS Syntax

Common Consequences

Applicable Platforms

Iscriviti alla newsletter