Lucene search

AdobeCVELIST:CVE-2022-35698

HistoryOct 11, 2022 - 12:00 a.m.

CVE-2022-35698 Adobe Commerce Stored XSS Arbitrary code execution

2022-10-1100:00:00

CWE-79

adobe

www.cve.org

adobe commerce

xss

arbitrary code execution

version 2.4.4-p1

version 2.4.5

stored vulnerability

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%

JSON

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "Magento Commerce",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "2.4.5",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "2.4.4-p1",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/magento/apsb22-48.html

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%

JSON

Related for CVELIST:CVE-2022-35698