Openmage Magento Lts
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Openmage Magento Lts.
By the Year
In 2026 there have been 0 vulnerabilities in Openmage Magento Lts. Last year, in 2025 Magento Lts had 1 security vulnerability published. Right now, Magento Lts is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
It may take a day or so for new Magento Lts vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Openmage Magento Lts Security Vulnerabilities
Magento-lts Stored XSS via Admin Notification Grid (20.15.0)
CVE-2025-64174
- November 06, 2025
Magento-lts is a long-term support alternative to Magento Community Edition (CE). Versions 20.15.0 and below are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts into vulnerable fields. Unescaped translation strings and URLs are printed into contexts inside app/code/core/Mage/Adminhtml/Block/Notification/Grid/Renderer/Actions.php. A malicious translation or polluted data can inject script. This issue is fixed in version 20.16.0.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Openmage Magento Lts or by Openmage? Click the Watch button to subscribe.
