AIKIDO-2025-10929

akeneo/module-magento2-connector-community is vulnerable to Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS)

Pre-CVE: Found by Aikido Intel before public disclosure or CVE publication.
Published Dec 11, 2025

65

Medium Risk

This Affects:

PHP: akeneo/module-magento2-connector-community
Affected versions: 100.1.0 - 105.1.1
Fixed in 105.1.2

TL;DR

Affected versions of this package contain a Cross-Site Scripting (XSS) vulnerability caused by unescaped template output in HTML tags, attributes, and logging methods. The fix adds the Magento\Framework\Escaper library to properly escape HTML. Before this fix, user-supplied input was not effectively sanitized, allowing attackers to inject malicious scripts. An attacker could exploit this by submitting crafted input that, when rendered by the application, executes arbitrary JavaScript in the victim's browser.
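
As an added example (not code from this advisory or from the Akeneo connector), the following heuristic Python check flags PHP template output that is not wrapped in a Magento\Framework\Escaper method and suggests the method that fits the surrounding HTML context. The sample template and the $job getters in it are constructed for illustration.

```python
import re

# PHP output tags in a .phtml template: "<?= expr ?>" and "<?php echo expr; ?>".
ECHO_RE = re.compile(r"<\?(?:=|php\s+echo\b)\s*(.*?)\s*;?\s*\?>", re.S)
# Expression is treated as escaped when it starts with an Escaper method call.
ESCAPED_RE = re.compile(r"^\$\w+->escape(?:Html|HtmlAttr|Url|Js|Css)\(")
PHP_TAG_RE = re.compile(r"<\?.*?\?>", re.S)

# Constructed sample template; $job and its getters are hypothetical.
SAMPLE = '''<div class="job <?= $job->getStatus() ?>">
  <h2><?= $escaper->escapeHtml($job->getName()) ?></h2>
  <p><?php echo $job->getMessage(); ?></p>
  <a title="<?= $escaper->escapeHtmlAttr($job->getCode()) ?>" href="#">open</a>
</div>
'''


def in_attribute(prefix):
    """True if the text before an echo ends inside a double-quoted attribute."""
    html = PHP_TAG_RE.sub("", prefix)  # ignore earlier PHP blocks
    tag_start = html.rfind("<")
    if tag_start == -1 or tag_start < html.rfind(">"):
        return False  # not inside an open tag
    return html[tag_start:].count('"') % 2 == 1  # odd count: value still open


def find_unescaped(template):
    """Return (line, expression, suggested Escaper method) per unescaped echo."""
    findings = []
    for m in ECHO_RE.finditer(template):
        expr = m.group(1)
        if ESCAPED_RE.match(expr):
            continue
        line = template.count("\n", 0, m.start()) + 1
        attr = in_attribute(template[:m.start()])
        findings.append((line, expr, "escapeHtmlAttr" if attr else "escapeHtml"))
    return findings


if __name__ == "__main__":
    for line, expr, fix in find_unescaped(SAMPLE):
        print(f"line {line}: {expr} is unescaped, wrap in $escaper->{fix}()")
```

The check recognises only double-quoted attributes and output tags of the two forms shown, so it is a review aid for custom templates rather than a substitute for upgrading.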

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

akeneo/module-magento2-connector-community is vulnerable to Cross-Site Scripting (XSS) in versions 100.1.0 - 105.1.1.

How to fix this

Upgrade the akeneo/module-magento2-connector-community library to the patched version, 105.1.2.