Moderate severityNVD Advisory· Published Apr 10, 2024· Updated Sep 17, 2024
Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-20759
Description
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
magento/community-editionPackagist | >= 2.4.7-beta1, < 2.4.7 | 2.4.7 |
magento/community-editionPackagist | >= 2.4.6-p1, < 2.4.6-p5 | 2.4.6-p5 |
magento/community-editionPackagist | >= 2.4.5-p1, < 2.4.5-p7 | 2.4.5-p7 |
magento/community-editionPackagist | >= 2.4.4-p1, < 2.4.4-p8 | 2.4.4-p8 |
magento/project-community-editionPackagist | <= 2.0.2 | — |
Affected products
4- osv-coords3 versionspkg:bitnami/magentopkg:composer/magento/community-editionpkg:composer/magento/project-community-edition
>= 2.4.7-alpha0, < 2.4.7+ 2 more
- (no CPE)range: >= 2.4.7-alpha0, < 2.4.7
- (no CPE)
- (no CPE)range: <= 2.0.2
- Range: 0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-59vf-hjxc-f9c5ghsaADVISORY
- helpx.adobe.com/security/products/magento/apsb24-18.htmlghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-20759ghsaADVISORY
News mentions
0No linked articles in our index yet.