The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the lack of protective measures for website structures. This allows attackers to execute arbitrary code.

🗓️ 02 Apr 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Magento Open Source and Adobe Commerce vulnerable from missing site protections enabling remote code execution.

Reporter	Title	Published	Views	Family All 11
CNNVD	Adobe Commerce 跨站脚本漏洞	15 Mar 202300:00	–	cnnvd
CNVD	Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2024-09609)	17 Mar 202300:00	–	cnvd
CVE	CVE-2023-22249	27 Mar 202300:00	–	cve
Cvelist	CVE-2023-22249 Adobe Commerce Stored XSS Arbitrary code execution	27 Mar 202300:00	–	cvelist
Github Security Blog	Magento Open Source allows Cross-Site Scripting (XSS)	6 Jul 202319:24	–	github
NVD	CVE-2023-22249	27 Mar 202321:15	–	nvd
OSV	GHSA-FXCR-GVCW-HMQM Magento Open Source allows Cross-Site Scripting (XSS)	6 Jul 202319:24	–	osv
Prion	Cross site scripting	27 Mar 202321:15	–	prion
Positive Technologies	PT-2023-2049 · Adobe · Commerce	14 Mar 202300:00	–	ptsecurity
Snyk	Cross-site Scripting (XSS)	6 Jul 202319:24	–	snyk

Vulners

Node

adobe_systems adobe_commerceRange≤2.4.4-p2

OR

adobe_systems adobe_commerceRange≤2.4.5-p1

OR

adobe_systems magento_open_sourceRange≤2.4.4-p2

OR

adobe_systems magento_open_sourceRange≤2.4.5-p1

Source	Link
helpx	www.helpx.adobe.com/security/products/magento/apsb23-17.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2023031480
web	www.web.nvd.nist.gov/view/vuln/detail

02 Apr 2023 00:00Current

6Medium risk

Vulners AI Score6

CVSS 34.8

CVSS 25.5

EPSS0.57424

Magento Open Source Adobe Commerce site protections remote code execution website structure