{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "1.9.4.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.14.4.4" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "2.2.0" }, { "last_affected": "2.2.11" }, { "introduced": "2.2.0" }, { "last_affected": "2.2.11" }, { "introduced": "2.3.0" }, { "last_affected": "2.3.4" }, { "introduced": "2.3.0" }, { "last_affected": "2.3.4" } ] }, "events": [ { "introduced": "239bfc72e116f6814ff6c2f6731f0830f3bcf61c" }, { "last_affected": "5cfffdd1b2c6bd7cef8c07226b09da8c92d519a7" }, { "introduced": "239bfc72e116f6814ff6c2f6731f0830f3bcf61c" }, { "last_affected": "5cfffdd1b2c6bd7cef8c07226b09da8c92d519a7" }, { "introduced": "75da24b3b0fb950648d00e7454dae0bb7da64c30" }, { "last_affected": "5cfffdd1b2c6bd7cef8c07226b09da8c92d519a7" }, { "introduced": "75da24b3b0fb950648d00e7454dae0bb7da64c30" }, { "last_affected": "5cfffdd1b2c6bd7cef8c07226b09da8c92d519a7" } ], "repo": "https://github.com/magento/devdocs", "type": "GIT" } ] } ], "details": "Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure .", "id": "CVE-2020-9577", "modified": "2026-03-13T21:47:28.441473360Z", "published": "2020-06-26T21:15:16.670Z", "references": [ { "type": "ADVISORY", "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }