GitHub Advisory DatabaseGHSA-RG7P-WMGJ-F374Magento stored Cross-Site Scripting (XSS) vulnerability
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.2%
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimβs browser when they browse to the page containing the vulnerable field.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| magento/community-edition | lt | 2.4.3-p3 | |
| magento/community-edition | lt | 2.4.5 | |
| magento/community-edition | lt | 2.3.7-p4 |
References
github.com/advisories/GHSA-rg7p-wmgj-f374
github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523
github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa
github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594
helpx.adobe.com/security/products/magento/apsb22-38.html
nvd.nist.gov/vuln/detail/CVE-2022-34257
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.2%