32 results (0.011 seconds)

CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 0

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. Las versiones 2.4.3-p1 (y anteriores) y 2.3.7-p2 (y anteriores) de Adobe Commerce están afectadas por una vulnerabilidad de validación de entrada incorrecta. La explotación de este problema no requiere la interacción del usuario y podría dar lugar a una ejecución de código arbitrario posterior a la autenticación. • https://helpx.adobe.com/security/products/magento/apsb22-13.html • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-17.html • CWE-284: Improper Access Control •

CVSS: 4.8EPSS: 0%CPEs: 12EXPL: 0

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. • https://helpx.adobe.com/security/products/magento/apsb23-17.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-17.html • CWE-91: XML Injection (aka Blind XPath Injection) •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure. • https://helpx.adobe.com/security/products/magento/apsb23-17.html • CWE-863: Incorrect Authorization •