CVE-2024-20717

Published Feb 15, 2024

Last updated a year ago

CVSS medium 5.4

Overview

Description: Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Source: psirt@adobe.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

psirt@adobe.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References