Lucene search

GoogleOSV:CVE-2022-35698

HistoryOct 14, 2022 - 8:15 p.m.

CVE-2022-35698

2022-10-1420:15:11

Google

osv.dev

adobe commerce

stored xss

vulnerability

2.4.4-p1

2.4.5

post-authentication

arbitrary code execution

exploitation

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%

JSON

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.

CPENameOperatorVersion
magento2eq0.74.0-beta3
magento2eq0.1.0-alpha89
magento2eq0.1.0-alpha93
magento2eq0.42.0-beta9
magento2eq0.1.0-alpha90
magento2eq2.2.0-rc2.0
magento2eq0.74.0-beta2
magento2eq0.1.0-alpha95
magento2eq2.4.2
magento2eq1.0.0-beta

Name	Operator	Version
magento2	eq	0.74.0-beta3
magento2	eq	0.1.0-alpha89
magento2	eq	0.1.0-alpha93
magento2	eq	0.42.0-beta9
magento2	eq	0.1.0-alpha90
magento2	eq	2.2.0-rc2.0
magento2	eq	0.74.0-beta2
magento2	eq	0.1.0-alpha95
magento2	eq	2.4.2
magento2	eq	1.0.0-beta

Rows per page:

1-10 of 711

References

helpx.adobe.com/security/products/magento/apsb22-48.html

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%

JSON

Related for OSV:CVE-2022-35698