CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2024-20716 – Force high-usage of resources by generating unlimited coupons: Adobe Commerce
https://notcve.org/view.php?id=CVE-2024-20716
15 Feb 2024 — Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction. Las versiones 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de consumo inc... • https://helpx.adobe.com/security/products/magento/apsb24-03.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2024-20717 – Stored admin XSS via PayPal authentication certificate
https://notcve.org/view.php?id=CVE-2024-20717
15 Feb 2024 — Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Las versiones 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenad... • https://helpx.adobe.com/security/products/magento/apsb24-03.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2024-20718 – [Spain] CSRF to delete Requisition Lists at Adobe Commerce
https://notcve.org/view.php?id=CVE-2024-20718
15 Feb 2024 — Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website. L... • https://helpx.adobe.com/security/products/magento/apsb24-03.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 0CVE-2024-20719 – [Adobe Commerce] Stored XSS from low privileged admin user on every admin page, bypassing CVE-2023-29297
https://notcve.org/view.php?id=CVE-2024-20719
15 Feb 2024 — Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. Las versiones 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cros... • https://helpx.adobe.com/security/products/magento/apsb24-03.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 3%CPEs: 17EXPL: 0CVE-2024-20720 – Command injection in data collector backup due to insufficient patching of CVE-2023-38208
https://notcve.org/view.php?id=CVE-2024-20720
15 Feb 2024 — Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Las versiones 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 y anteriores de Adobe Commerce se ven afectadas por una neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sist... • https://helpx.adobe.com/security/products/magento/apsb24-03.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 58EXPL: 0CVE-2023-38251 – Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)
https://notcve.org/view.php?id=CVE-2023-38251
13 Oct 2023 — Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction. Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una vulnerabilidad de Consumo de Recursos Incon... • https://helpx.adobe.com/security/products/magento/apsb23-50.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.7EPSS: 0%CPEs: 58EXPL: 0CVE-2023-38219 – Validate Your Inputs | Cross-site Scripting (Stored XSS) (CWE-79) - Customer to Admin stored XSS with Gift wrapping
https://notcve.org/view.php?id=CVE-2023-38219
13 Oct 2023 — Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact. L... • https://helpx.adobe.com/security/products/magento/apsb23-50.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 58EXPL: 0CVE-2023-38220 – Full page cache enumeration via cookie X-Magento-Vary
https://notcve.org/view.php?id=CVE-2023-38220
13 Oct 2023 — Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction. Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una vulner... • https://helpx.adobe.com/security/products/magento/apsb23-50.html • CWE-285: Improper Authorization •
CVSS: 6.1EPSS: 0%CPEs: 58EXPL: 0CVE-2023-26367 – Error based file extraction via PHP filter chains during product bulk import logic
https://notcve.org/view.php?id=CVE-2023-26367
13 Oct 2023 — Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una vulnerabilidad... • https://helpx.adobe.com/security/products/magento/apsb23-50.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 58EXPL: 0CVE-2023-26366 – Validate Your Inputs | Server-Side Request Forgery (SSRF) (CWE-918)
https://notcve.org/view.php?id=CVE-2023-26366
13 Oct 2023 — Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the ... • https://helpx.adobe.com/security/products/magento/apsb23-50.html • CWE-918: Server-Side Request Forgery (SSRF) •