EUVD-2022-38573

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Adobe Commerce versions 2.4.4-p1 and earlier are vulnerable to Stored Cross-site Scripting attacks.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2022-35698	12 Oct 202206:00	–	circl
CNNVD	Adobe Commerce 跨站脚本漏洞	12 Oct 202200:00	–	cnnvd
CVE	CVE-2022-35698	14 Oct 202219:48	–	cve
Cvelist	CVE-2022-35698 Adobe Commerce Stored XSS Arbitrary code execution	14 Oct 202219:48	–	cvelist
Github Security Blog	Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)	15 Oct 202212:01	–	github
NCSC	Vulnerabilities fixed in Adobe products	12 Oct 202200:00	–	ncsc
NVD	CVE-2022-35698	14 Oct 202220:15	–	nvd
OSV	GHSA-4VJ2-426R-JM3G Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)	15 Oct 202212:01	–	osv
Prion	Cross site scripting	14 Oct 202220:15	–	prion
Vulnrichment	CVE-2022-35698 Adobe Commerce Stored XSS Arbitrary code execution	14 Oct 202219:48	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "bd390c7c-b67a-39d5-8d8f-9d7e80f2ef08",
        "vendor": {
          "name": "Adobe"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5a849404-bfa9-385b-bc21-0c789928bd08",
        "product": {
          "name": "Magento Commerce"
        },
        "product_version": "unspecified ≤None"
      },
      {
        "id": "88bed534-f4be-3145-9fad-c9d88e93f39a",
        "product": {
          "name": "Magento Commerce"
        },
        "product_version": "unspecified ≤2.4.5"
      },
      {
        "id": "d657a6f5-4378-38eb-92c2-467fdfe0fef5",
        "product": {
          "name": "Magento Commerce"
        },
        "product_version": "unspecified ≤2.4.4-p1"
      }
    ]
  }
]

Source	Link
helpx	www.helpx.adobe.com/security/products/magento/apsb22-48.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-35698
github	www.github.com/magento/magento2

03 Oct 2025 20:07Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.4 - 10

EPSS0.02186

SSVC