Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.
References
Link | Resource |
---|---|
https://helpx.adobe.com/security/products/magento/apsb23-50.html | Vendor Advisory |
https://helpx.adobe.com/security/products/magento/apsb23-50.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:13
Type | Values Removed | Values Added |
---|---|---|
References | () https://helpx.adobe.com/security/products/magento/apsb23-50.html - Vendor Advisory |
14 Oct 2023, 01:47
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://helpx.adobe.com/security/products/magento/apsb23-50.html - Vendor Advisory | |
First Time |
Adobe commerce
Adobe magento Adobe |
|
CPE | cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:* |
13 Oct 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-13 07:15
Updated : 2024-11-21 08:13
NVD link : CVE-2023-38219
Mitre link : CVE-2023-38219
CVE.ORG link : CVE-2023-38219
JSON object : View
Products Affected
adobe
- commerce
- magento
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')