Magento: XSS Vulnerability in User Account Description - Proactive Insights and Support For Open-Source Applications

In Magento’s all versions, a medium severity vulnerability CVE-2024-4812 was detected. This vulnerability allows storing malicious JavaScript code in the “Description” field of a user account, which can be executed when opening certain pages like Host Collections. To fix this issue, users must upgrade Magento to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-4812.