CVE-2024-45116

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
adobeCNA
8.1 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
adobeadobe_commerce
𝑥
≤ 2.4.4-p10
adobecommerce
-
adobecommerce
2.3.7
adobecommerce
2.3.7:p1
adobecommerce
2.3.7:p2
adobecommerce
2.3.7:p3
adobecommerce
2.3.7:p4
adobecommerce
2.3.7:p4-ext1
adobecommerce
2.3.7:p4-ext2
adobecommerce
2.3.7:p4-ext3
adobecommerce
2.3.7:p4-ext4
adobecommerce
2.4.0
adobecommerce
2.4.0
adobecommerce
2.4.0:ext-1
adobecommerce
2.4.0:ext-2
adobecommerce
2.4.0:ext-3
adobecommerce
2.4.0:ext-4
adobecommerce
2.4.1
adobecommerce
2.4.1
adobecommerce
2.4.1:ext-1
adobecommerce
2.4.1:ext-2
adobecommerce
2.4.1:ext-3
adobecommerce
2.4.1:ext-4
adobecommerce
2.4.2
adobecommerce
2.4.2
adobecommerce
2.4.2:ext-1
adobecommerce
2.4.2:ext-2
adobecommerce
2.4.2:ext-3
adobecommerce
2.4.2:ext-4
adobecommerce
2.4.2:p1
adobecommerce
2.4.2:p2
adobecommerce
2.4.3
adobecommerce
2.4.3
adobecommerce
2.4.3:ext-1
adobecommerce
2.4.3:ext-2
adobecommerce
2.4.3:ext-3
adobecommerce
2.4.3:ext-4
adobecommerce
2.4.3:p1
adobecommerce
2.4.3:p2
adobecommerce
2.4.4
adobecommerce
2.4.4:p1
adobecommerce
2.4.4:p10
adobecommerce
2.4.4:p2
adobecommerce
2.4.4:p3
adobecommerce
2.4.4:p4
adobecommerce
2.4.4:p5
adobecommerce
2.4.4:p6
adobecommerce
2.4.4:p7
adobecommerce
2.4.4:p8
adobecommerce
2.4.4:p9
adobecommerce
2.4.5
adobecommerce
2.4.5:p1
adobecommerce
2.4.5:p2
adobecommerce
2.4.5:p3
adobecommerce
2.4.5:p4
adobecommerce
2.4.5:p5
adobecommerce
2.4.5:p6
adobecommerce
2.4.5:p7
adobecommerce
2.4.5:p8
adobecommerce
2.4.5:p9
adobecommerce
2.4.6
adobecommerce
2.4.6:p1
adobecommerce
2.4.6:p2
adobecommerce
2.4.6:p3
adobecommerce
2.4.6:p4
adobecommerce
2.4.6:p5
adobecommerce
2.4.6:p6
adobecommerce
2.4.6:p7
adobecommerce
2.4.7
adobecommerce
2.4.7:b1
adobecommerce
2.4.7:b2
adobecommerce
2.4.7:p1
adobecommerce
2.4.7:p2
adobecommerce_b2b
1.3.3
adobecommerce_b2b
1.3.3:p10
adobecommerce_b2b
1.3.4
adobecommerce_b2b
1.3.4:p9
adobecommerce_b2b
1.3.5
adobecommerce_b2b
1.3.5:p7
adobecommerce_b2b
1.4.2
adobecommerce_b2b
1.4.2:p1
adobecommerce_b2b
1.4.2:p2
adobemagento
-
adobemagento
2.4.3
adobemagento
2.4.4
adobemagento
2.4.4:p1
adobemagento
2.4.4:p10
adobemagento
2.4.4:p2
adobemagento
2.4.4:p3
adobemagento
2.4.4:p4
adobemagento
2.4.4:p5
adobemagento
2.4.4:p6
adobemagento
2.4.4:p7
adobemagento
2.4.4:p8
adobemagento
2.4.4:p9
adobemagento
2.4.5
adobemagento
2.4.5:p1
adobemagento
2.4.5:p2
adobemagento
2.4.5:p3
adobemagento
2.4.5:p4
adobemagento
2.4.5:p5
adobemagento
2.4.5:p6
adobemagento
2.4.5:p7
adobemagento
2.4.5:p8
adobemagento
2.4.5:p9
adobemagento
2.4.6
adobemagento
2.4.6:p1
adobemagento
2.4.6:p2
adobemagento
2.4.6:p3
adobemagento
2.4.6:p4
adobemagento
2.4.6:p5
adobemagento
2.4.6:p6
adobemagento
2.4.6:p7
adobemagento
2.4.7
adobemagento
2.4.7:b1
adobemagento
2.4.7:p1
adobemagento
2.4.7:p2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://helpx.adobe.com/security/products/magento/apsb24-73.html