Low severityNVD Advisory· Published Mar 27, 2023· Updated Mar 5, 2025

Adobe Commerce Stored XSS Arbitrary code execution

CVE-2023-22249

Description

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
magento/community-editionPackagist	>= 2.4.4-p1, <= 2.4.4-p2	—

Affected products

ghsa-coords
pkg:composer/magento/community-edition
Adobe Inc./Magento Commercecpe-rescue
Range: unspecified

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-fxcr-gvcw-hmqmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-22249ghsaADVISORY
helpx.adobe.com/security/products/magento/apsb23-17.htmlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.046
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000