Moderate severityNVD Advisory· Published Jun 13, 2024· Updated Aug 2, 2024
Stored Cross Site Scripting in Order Comment
CVE-2024-34105
Description
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
magento/community-editionPackagist | >= 2.4.6-p1, < 2.4.6-p6 | 2.4.6-p6 |
magento/community-editionPackagist | >= 2.4.5-p1, < 2.4.5-p8 | 2.4.5-p8 |
magento/community-editionPackagist | < 2.4.4-p9 | 2.4.4-p9 |
Affected products
3- osv-coords2 versions
>= 2.4.7-alpha0, < 2.4.7-p1+ 1 more
- (no CPE)range: >= 2.4.7-alpha0, < 2.4.7-p1
- (no CPE)
- Range: 0
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-5632-wq7m-gfq9ghsaADVISORY
- helpx.adobe.com/security/products/magento/apsb24-40.htmlghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-34105ghsaADVISORY
- github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799ghsaWEB
- github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2ghsaWEB
- github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83cghsaWEB
- github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482ghsaWEB
News mentions
0No linked articles in our index yet.