Vulnerability-Lookup

CVE-2024-20719 (GCVE-0-2024-20719)

Vulnerability from cvelistv5 – Published: 2024-02-15 13:39 – Updated: 2024-08-01 21:59

Title

[Adobe Commerce] Stored XSS from low privileged admin user on every admin page, bypassing CVE-2023-29297

Summary

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)

Assigner

adobe

References

URL

	Vendor	Product	Version
	Adobe	Adobe Commerce	Affected: 0 , ≤ 2.4.4-p6 (semver)

GHSA-264G-F7V8-Q5QQ

Vulnerability from github – Published: 2024-02-15 15:30 – Updated: 2025-03-04 18:52

Summary

Magento Open Source allows Cross-Site Scripting (XSS)

Details

Severity ?

9.1 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

7.6 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.6"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.5"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.4"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.6-p1"
            },
            {
              "fixed": "2.4.6-p4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.5-p1"
            },
            {
              "fixed": "2.4.5-p6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.4-p1"
            },
            {
              "fixed": "2.4.4-p7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/project-community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-20719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-04T18:52:17Z",
    "nvd_published_at": "2024-02-15T14:15:46Z",
    "severity": "HIGH"
  },
  "details": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.",
  "id": "GHSA-264g-f7v8-q5qq",
  "modified": "2025-03-04T18:52:17Z",
  "published": "2024-02-15T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20719"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/magento/magento2"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Magento Open Source allows Cross-Site Scripting (XSS)"
}

CERTFR-2024-AVI-0123

Vulnerability from certfr_avis - Published: 2024-02-14 - Updated: 2024-02-14

De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et injection de code indirecte à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	Commerce	Adobe Commerce version 2.4.4-x antérieures à 2.4.4-p7
Adobe	Magento	Magento Open Source versions 2.4.6-x antérieures à 2.4.6-p4
Adobe	Commerce	Adobe Commerce version 2.4.3-x antérieures à 2.4.3-ext-6
Adobe	Acrobat	Acrobat 2020 versions antérieures à 20.005.30574 sur Windows et macOS
Adobe	Acrobat Reader	Acrobat Reader 2020 versions antérieures à 20.005.30574 sur Windows et macOS
Adobe	Acrobat Reader DC	Acrobat Reader DC versions antérieures à 23.008.20533 sur Windows et macOS
Adobe	Acrobat DC	Acrobat DC versions antérieures à 23.008.20533 sur Windows et macOS
Adobe	Commerce	Adobe Commerce version 2.4.1-x antérieures à 2.4.1-ext-6
Adobe	Commerce	Adobe Commerce version 2.4.0-x antérieures à 2.4.0-ext-6
Adobe	Commerce	Adobe Commerce version 2.4.5-x antérieures à 2.4.5-p6
Adobe	Magento	Magento Open Source versions 2.4.5-x antérieures à 2.4.5-p6
Adobe	Commerce	Adobe Commerce version 2.3.7-x antérieures à 2.3.7-p4-ext-6
Adobe	Magento	Magento Open Source versions 2.4.4-x antérieures à 2.4.4-p7
Adobe	Commerce	Adobe Commerce version 2.4.6-x antérieures à 2.4.6-p4
Adobe	Commerce	Adobe Commerce version 2.4.2-x antérieures à 2.4.2-ext-6

References

Title

Publication Time

CNVD-2024-46820

Vulnerability from cnvd - Published: 2024-12-03

Title

Adobe Commerce缓冲区溢出漏洞

Description

Adobe Commerce是一个单一的多渠道商务平台 Adobe Commerce存在缓冲区溢出漏洞，该漏洞源于受到越界写入漏洞的影响，攻击者可利用该漏洞导致在当前用户的环境中执行任意代码。

Severity

高

Patch Name

Adobe Commerce缓冲区溢出漏洞的补丁

Patch Description

Adobe Commerce是一个单一的多渠道商务平台 Adobe Commerce存在缓冲区溢出漏洞，该漏洞源于受到越界写入漏洞的影响，攻击者可利用该漏洞导致在当前用户的环境中执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已提供漏洞修复方案，请关注厂商主页更新： https://helpx.adobe.com/security/products/substance3d_stager/apsb24-43.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-20719

Impacted products

Name
['Adobe Commerce <2.4.6-p3', 'Adobe Commerce <2.4.5-p5', 'Adobe Commerce <2.4.4-p6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-20719",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-20719"
    }
  },
  "description": "Adobe Commerce\u662f\u4e00\u4e2a\u5355\u4e00\u7684\u591a\u6e20\u9053\u5546\u52a1\u5e73\u53f0\n\nAdobe Commerce\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5230\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5728\u5f53\u524d\u7528\u6237\u7684\u73af\u5883\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/substance3d_stager/apsb24-43.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-46820",
  "openTime": "2024-12-03",
  "patchDescription": "Adobe Commerce\u662f\u4e00\u4e2a\u5355\u4e00\u7684\u591a\u6e20\u9053\u5546\u52a1\u5e73\u53f0\r\n\r\nAdobe Commerce\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5230\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5728\u5f53\u524d\u7528\u6237\u7684\u73af\u5883\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Commerce\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Commerce \u003c2.4.6-p3",
      "Adobe Commerce \u003c2.4.5-p5",
      "Adobe Commerce \u003c2.4.4-p6"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-20719",
  "serverity": "\u9ad8",
  "submitTime": "2024-02-22",
  "title": "Adobe Commerce\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

FKIE_CVE-2024-20719

Vulnerability from fkie_nvd - Published: 2024-02-15 14:15 - Updated: 2024-11-21 08:53

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-03.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-03.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. "
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado que podr\u00eda ser aprovechada por un atacante administrador para inyectar secuencias de comandos maliciosas en cada p\u00e1gina administrada. Se puede ejecutar JavaScript malicioso en el navegador de la v\u00edctima cuando navega a la p\u00e1gina que contiene el campo vulnerable, que podr\u00eda aprovecharse para obtener acceso de administrador."
    }
  ],
  "id": "CVE-2024-20719",
  "lastModified": "2024-11-21T08:53:00.843",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-15T14:15:46.077",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-20719

Vulnerability from fstec - Published: 15.02.2024

Title

Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source и Adobe Commerce, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source и Adobe Commerce связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vendor

Adobe Systems Inc.

Software Name

Adobe Commerce, Magento Open Source

Software Version

от 2.4.4 до 2.4.4-p6 включительно (Adobe Commerce), от 2.4.6 до 2.4.6-p3 включительно (Adobe Commerce), от 2.4.6 до 2.4.6-p3 включительно (Magento Open Source), от 2.4.5 до 2.4.5-p5 включительно (Magento Open Source), от 2.4.4 до 2.4.4-p6 включительно (Magento Open Source), от 2.4.3 до 2.4.3-ext-5 включительно (Adobe Commerce), от 2.4.2 до 2.4.2-ext-5 включительно (Adobe Commerce), от 2.4.1 до 2.4.1-ext-5 включительно (Adobe Commerce), от 2.4.0 до 2.4.0-ext-5 включительно (Adobe Commerce), от 2.3.7 до 2.3.7-p4-ext-5 включительно (Adobe Commerce), от 2.4.5 до 2.4.5-p5 включительно (Adobe Commerce)

Possible Mitigations

Использование рекомендаций производителя: https://helpx.adobe.com/security/products/magento/apsb24-03.html

Reference

https://helpx.adobe.com/security/products/magento/apsb24-03.html

CWE

CWE-79

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Adobe Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 2.4.4 \u0434\u043e 2.4.4-p6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Commerce), \u043e\u0442 2.4.6 \u0434\u043e 2.4.6-p3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Commerce), \u043e\u0442 2.4.6 \u0434\u043e 2.4.6-p3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Magento Open Source), \u043e\u0442 2.4.5 \u0434\u043e 2.4.5-p5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Magento Open Source), \u043e\u0442 2.4.4 \u0434\u043e 2.4.4-p6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Magento Open Source), \u043e\u0442 2.4.3 \u0434\u043e 2.4.3-ext-5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Commerce), \u043e\u0442 2.4.2 \u0434\u043e 2.4.2-ext-5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Commerce), \u043e\u0442 2.4.1 \u0434\u043e 2.4.1-ext-5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Commerce), \u043e\u0442 2.4.0 \u0434\u043e 2.4.0-ext-5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Commerce), \u043e\u0442 2.3.7 \u0434\u043e 2.3.7-p4-ext-5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Commerce), \u043e\u0442 2.4.5 \u0434\u043e 2.4.5-p5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Commerce)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://helpx.adobe.com/security/products/magento/apsb24-03.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "22.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.02.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-01527",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-20719",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Adobe Commerce, Magento Open Source",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043d\u043b\u0430\u0439\u043d \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u0430\u043c\u0438 Magento Open Source \u0438 Adobe Commerce, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043d\u043b\u0430\u0439\u043d \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u0430\u043c\u0438 Magento Open Source \u0438 Adobe Commerce \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://helpx.adobe.com/security/products/magento/apsb24-03.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,3)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,1)"
}

GSD-2024-20719

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2024-20719

Aliases

CVE-2024-20719

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2024-20719",
    "id": "GSD-2024-20719"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-20719"
      ],
      "details": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. ",
      "id": "GSD-2024-20719",
      "modified": "2023-12-13T01:21:43.165023Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2024-20719",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Adobe Commerce",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThanOrEqual": "2.4.4-p6",
                                "status": "affected",
                                "version": "0",
                                "versionType": "semver"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Adobe"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. "
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 9.1,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "Cross-site Scripting (Stored XSS) (CWE-79)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/magento/apsb24-03.html",
            "refsource": "MISC",
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
                    "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
                    "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
                    "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
                    "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
                    "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
                    "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
                    "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
                    "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
                    "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
                    "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
                    "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
                    "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
                    "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
                    "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
                    "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
                    "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
                    "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. "
          },
          {
            "lang": "es",
            "value": "Las versiones 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado que podr\u00eda ser aprovechada por un atacante administrador para inyectar secuencias de comandos maliciosas en cada p\u00e1gina administrada. Se puede ejecutar JavaScript malicioso en el navegador de la v\u00edctima cuando navega a la p\u00e1gina que contiene el campo vulnerable, que podr\u00eda aprovecharse para obtener acceso de administrador."
          }
        ],
        "id": "CVE-2024-20719",
        "lastModified": "2024-02-16T20:30:40.470",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.3,
              "impactScore": 6.0,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.3,
              "impactScore": 6.0,
              "source": "psirt@adobe.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-02-15T14:15:46.077",
        "references": [
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html"
          }
        ],
        "sourceIdentifier": "psirt@adobe.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "psirt@adobe.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-20719 (GCVE-0-2024-20719)

GHSA-264G-F7V8-Q5QQ

CERTFR-2024-AVI-0123

Solution

CNVD-2024-46820

FKIE_CVE-2024-20719

CVE-2024-20719

GSD-2024-20719

Tags

Sightings

Nomenclature