Mark-Netalico

**Name of the Vulnerable Software and Affected Versions** OpenMage LTS versions prior to 19.4.22 OpenMage LTS versions prior to 20.0.19 **Description** The issue is related to an infinite loop in the malicious code filter under certain conditions. There are no known workarounds for this problem. **Recommendations** For versions prior to 19.4.22, update to version 19.4.22 to resolve the issue. For versions prior to 20.0.19, update to version 20.0.19 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: OpenMage versions prior to 19.4.10 OpenMage versions prior to 20.0.5 Description: OpenMage, a community-driven alternative to Magento CE, has an issue where an administrator with permission to import/export data and to edit CMS pages can inject an executable file on the server via layout XML. Recommendations: For OpenMage versions prior to 19.4.10, update to version 19.4.10 or later. For OpenMage versions prior to 20.0.5, update to version 20.0.5 or later.

Name of the Vulnerable Software and Affected Versions: OpenMage versions prior to 19.4.10 OpenMage versions prior to 20.0.6 Description: The issue allows remote code execution. An administrator with permission to update product data can store an executable file on the server and load it via layout xml. Recommendations: For versions prior to 19.4.10, update to version 19.4.10 or later. For versions prior to 20.0.6, update to version 20.0.6 or later.