ReportizFlow
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Adobe |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
No data.
References
History
Wed, 16 Apr 2025 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Adobe
Adobe commerce Adobe commerce B2b Adobe magento |
|
| CPEs | cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:* |
|
| Vendors & Products |
Adobe
Adobe commerce Adobe commerce B2b Adobe magento |
Thu, 27 Feb 2025 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. |
Tue, 11 Feb 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 11 Feb 2025 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |
| Title | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2025-02-11T17:37:36.216Z
Updated: 2025-02-27T20:38:13.659Z
Reserved: 2025-01-21T17:00:45.700Z
Link: CVE-2025-24412
Vulnrichment
Updated: 2025-02-11T18:50:46.175Z
NVD
Status : Analyzed
Published: 2025-02-11T18:15:42.433
Modified: 2025-04-16T17:17:56.930
Link: CVE-2025-24412
Redhat
No data.