FKIE_CVE-2024-20759
Vulnerability from fkie_nvd - Published: 2024-04-10 12:15 - Updated: 2025-02-11 15:59
Severity ?
Summary
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B790C86A-4B59-4B37-9147-7C72CA6D32F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
"matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
"matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
"matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
"matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
"matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
"matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
"matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
"matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
"matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
"matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
"matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
"matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
"matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
"matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
"matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
"matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
"matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
"matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
"matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
"matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
"matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
"matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-6:*:*:*:*:*:*",
"matchCriteriaId": "4FC41918-ACB1-4AE8-BFC0-CA74F02007FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "496DE1BC-DC23-4873-9A13-E166A267CC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "95AA877E-D67C-42B0-8673-EB7C1CFCE138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
"matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
"matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
"matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
"matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
"matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-6:*:*:*:*:*:*",
"matchCriteriaId": "9938C84D-3E58-4856-A1F7-A62ED914CB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "38FFC3BA-B75E-4060-9E29-74367C7BE8A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
"matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
"matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
"matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
"matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
"matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
"matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
"matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
"matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
"matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
"matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
"matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
"matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
"matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
"matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
"matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
"matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
"matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
"matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
"matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
"matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
"matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
"matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
"matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
"matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
"matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
"matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
"matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
"matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
"matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
"matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
"matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
"matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
"matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
"matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
"matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
"matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
"matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
"matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
"matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
"matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
"matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
"matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
"matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
"matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact."
},
{
"lang": "es",
"value": "Las versiones 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado que podr\u00eda ser aprovechada por un atacante con altos privilegios para inyectar scripts maliciosos en campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de la v\u00edctima cuando navega a la p\u00e1gina que contiene el campo vulnerable. La confidencialidad y la integridad se consideran altas debido a que tienen un impacto administrativo."
}
],
"id": "CVE-2024-20759",
"lastModified": "2025-02-11T15:59:16.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 5.8,
"source": "psirt@adobe.com",
"type": "Secondary"
}
]
},
"published": "2024-04-10T12:15:08.893",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…