GitHub Advisory DatabaseGHSA-5M55-G8PV-X8WWMagento stored Cross-Site Scripting (XSS) vulnerability
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
5.3 Medium
AI Score
Confidence
High
0.014 Low
EPSS
Percentile
86.6%
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimβs browser when they browse to the page containing the vulnerable field.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| magento/community-edition | lt | 2.4.3-p3 | |
| magento/community-edition | lt | 2.4.5 | |
| magento/community-edition | lt | 2.3.7-p4 |
References
github.com/advisories/GHSA-5m55-g8pv-x8ww
github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523
github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa
github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594
helpx.adobe.com/security/products/magento/apsb22-38.html
nvd.nist.gov/vuln/detail/CVE-2022-34258
Related
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
5.3 Medium
AI Score
Confidence
High
0.014 Low
EPSS
Percentile
86.6%