Lucene search

[email protected]NVD:CVE-2022-34258

HistoryAug 16, 2022 - 9:15 p.m.

CVE-2022-34258

2022-08-1621:15:10

CWE-79

[email protected]

web.nvd.nist.gov

adobe commerce

xss

vulnerability

javascript

admin privileges

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.014 Low

EPSS

Percentile

86.6%

JSON

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Affected configurations

NVD

Node

adobecommerceRange2.3.0–2.3.7

adobecommerceRange2.4.0–2.4.3

adobecommerceMatch2.3.7-

adobecommerceMatch2.3.7p1

adobecommerceMatch2.3.7p2

adobecommerceMatch2.3.7p3

adobecommerceMatch2.4.3-

adobecommerceMatch2.4.3p1

adobecommerceMatch2.4.3p2

adobecommerceMatch2.4.4-

magentomagentoRange2.3.0–2.3.7commerce

magentomagentoRange2.4.0–2.4.3commerce

magentomagentoMatch2.3.7-commerce

magentomagentoMatch2.3.7p1commerce

magentomagentoMatch2.3.7p2commerce

magentomagentoMatch2.3.7p3commerce

magentomagentoMatch2.4.3-commerce

magentomagentoMatch2.4.3p1commerce

magentomagentoMatch2.4.3p2commerce

magentomagentoMatch2.4.4-commerce

References

helpx.adobe.com/security/products/magento/apsb22-38.html