Lucene search
China National Vulnerability DatabaseCNVD-2021-99779HistoryNov 12, 2021 - 12:00 a.m.
Adobe Magento Commerce Cross-Site Request Forgery Vulnerability
2021-11-1200:00:00
China National Vulnerability Database
www.cnvd.org.cn
14
magento commerce
cross-site request forgery
adobe
vulnerability
http requests
remote attacker
specially crafted web page
arbitrary actions
EPSS
0.001
Percentile
29.5%
Magento Commerce is designed to provide a best-in-class shopping experience without the need for developer support.A cross-site request forgery vulnerability exists in Adobe Magento Commerce versions 2.4.2-p2 and earlier, 2.4.3 and earlier, and 2.3.7p1 and earlier. The vulnerability stems from a program that does not adequately validate the source of HTTP requests. A remote attacker could use this vulnerability to trick a victim user into visiting a specially crafted web page and perform arbitrary actions while impersonating the victim.
Related
cve
cve
CVE-2021-39864
2021-10-15 15:15:08
cvelist
cvelist
nvd
nvd
CVE-2021-39864
2021-10-15 15:15:08
osv
osv
CVE-2021-39864
2021-10-15 15:15:08
prion
prion
Cross site request forgery (csrf)
2021-10-15 15:15:00
adobe
adobe
APSB21-86 Security update available for Adobe Commerce
2021-10-12 00:00:00