Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.
References
| Link | Resource |
|---|---|
| https://helpx.adobe.com/security/products/magento/apsb24-03.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Feb 2024, 20:30
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://helpx.adobe.com/security/products/magento/apsb24-03.html - Vendor Advisory | |
| Summary |
|
|
| CPE | cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:* |
|
| First Time |
Adobe commerce
Adobe |
15 Feb 2024, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-02-15 14:15
Updated : 2024-02-16 20:30
NVD link : CVE-2024-20719
Mitre link : CVE-2024-20719
CVE.ORG link : CVE-2024-20719
JSON object : View
Products Affected
adobe
- commerce
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')