Cross site scripting

2023-03-2721:15:00

PRIOn knowledge base

www.prio-n.com

adobe commerce

cross-site scripting

vulnerability

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.6%

JSON

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CPENameOperatorVersion
commerceeq2.4.4
commerceeq2.4.5
commerceeq2.4.4 p1
commercelt2.4.4
commerceeq2.4.5 p1
commerceeq2.4.4 p2
magento_open_sourcelt2.4.4
magento_open_sourceeq2.4.5
magento_open_sourceeq2.4.4 p1
magento_open_sourceeq2.4.4

Name	Operator	Version
commerce	eq	2.4.4
commerce	eq	2.4.5
commerce	eq	2.4.4 p1
commerce	lt	2.4.4
commerce	eq	2.4.5 p1
commerce	eq	2.4.4 p2
magento_open_source	lt	2.4.4
magento_open_source	eq	2.4.5
magento_open_source	eq	2.4.4 p1
magento_open_source	eq	2.4.4