AIKIDO-2024-10391

algolia/algoliasearch-magento-2 is vulnerable to Cross-site Scripting (XSS)

47

Medium

algolia/algoliasearch-magento-2 php

AIKIDO-2024-10391: algolia/algoliasearch-magento-2 is vulnerable to Cross-site Scripting (XSS) in versions 0.8.0 - 3.13.3.

Cross-site Scripting (XSS)
Vuln in 0.8.0 - 3.13.3
Fixed in 3.13.4
No CVE available
TL;DR

Affected versions of this package are vulnerable to cross-site scripting (XSS) in the InstantSearch search box.

Who does this affect?

You're affected if you are using a version which is within vulnerability ranges.

How can it be fixed?

Upgrade algolia/algoliasearch-magento-2 library to patch version.

Background info

Link to vendor website

Logo
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US