Lucene search

GitHub Advisory DatabaseGHSA-5M55-G8PV-X8WW

HistoryAug 17, 2022 - 12:00 a.m.

Magento stored Cross-Site Scripting (XSS) vulnerability

2022-08-1700:00:19

CWE-79

GitHub Advisory Database

github.com

magento

xss

adobe commerce

vulnerability

admin privileges

malicious scripts

form fields

javascript

browser

security

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.005

Percentile

77.1%

JSON

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Affected configurations

Vulners

Node

magentocommunity-editionRange2.4.0–2.4.3-p3

magentocommunity-editionRange2.4.4–2.4.5

magentocommunity-editionRange2.3.0–2.3.7-p4

VendorProductVersionCPE
magentocommunity-edition*cpe:2.3:a:magento:community-edition:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
magento	community-edition	*	cpe:2.3:a:magento:community-edition::::::::

References

github.com/advisories/GHSA-5m55-g8pv-x8ww

github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523

github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa

github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594

helpx.adobe.com/security/products/magento/apsb22-38.html

nvd.nist.gov/vuln/detail/CVE-2022-34258