Commerce@2.4.4 Security Vulnerabilities and Issues — Commerce@2.4.4 CVE List

Lucene search

AdobeCommerce2.4.4

10 matches found

CVE•added 2022/08/16 9:15 p.m.•96 views

CVE-2022-34253

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue ...

9.1CVSS7.4AI score0.25306EPSS

CVE•added 2022/08/16 9:15 p.m.•94 views

CVE-2022-34258

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript ma...

4.8CVSS4.5AI score0.46659EPSS

CVE•added 2022/08/16 9:15 p.m.•89 views

CVE-2022-34257

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a vic...

6.1CVSS5.6AI score0.0039EPSS

CVE•added 2022/08/16 9:15 p.m.•82 views

CVE-2022-34256

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue doe...

9.8CVSS8.4AI score0.00538EPSS

CVE•added 2022/08/16 9:15 p.m.•81 views

CVE-2022-34254

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint...

8.8CVSS8AI score0.00855EPSS

CVE•added 2022/10/20 5:15 p.m.•81 views

CVE-2022-42344

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation.

8.8CVSS8.3AI score0.00873EPSS

CVE•added 2022/08/16 9:15 p.m.•75 views

CVE-2022-34259

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature....

5.3CVSS5AI score0.00031EPSS

CVE•added 2022/08/16 9:15 p.m.•74 views

CVE-2022-34255

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage this vulnerability to perform an account takeove...

8.8CVSS8.6AI score0.00627EPSS

CVE•added 2022/10/14 8:15 p.m.•73 views

CVE-2022-35698

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.

10CVSS6.6AI score0.05928EPSS

CVE•added 2022/10/14 8:15 p.m.•72 views

CVE-2022-35689

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this is...

5.3CVSS5AI score0.00183EPSS