High severityNVD Advisory· Published Oct 14, 2022· Updated Apr 23, 2025

Adobe Commerce Stored XSS Arbitrary code execution

CVE-2022-35698

Description

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
magento/community-editionPackagist	>= 2.4.3-p1, <= 2.4.3-p3	—
magento/project-community-editionPackagist	<= 2.0.2	—

Affected products

ghsa-coords2 versions
pkg:composer/magento/community-edition pkg:composer/magento/project-community-edition
(expand)+ 1 more
- (no CPE)
- (no CPE)range: <= 2.0.2
Adobe Inc./Magento Commercecpe-rescue
Range: unspecified

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-4vj2-426r-jm3gghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-35698ghsaADVISORY
helpx.adobe.com/security/products/magento/apsb22-48.htmlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.008
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000