CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2022-34255 – Adobe Commerce Improper Access Control Privilege escalation
https://notcve.org/view.php?id=CVE-2022-34255
16 Aug 2022 — Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage this vulnerability to perform an account takeover for a victim. Exploitation of this issue does not require user interaction. Adobe Commerce versiones 2.4.3-p2 (y anteriores), 2.3.7-p3 (y anteriores) y 2.4.4 (y anteriores) están afectadas por una vulnerabilidad... • https://helpx.adobe.com/security/products/magento/apsb22-38.html • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2022-34254 – Adobe Commerce Improper Limitation of a Pathname to a Restricted Directory Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-34254
16 Aug 2022 — Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A low privileged attacker could leverage this vulnerability to read local files and to perform Stored XSS. Exploitation of this issue does not require user interaction. Adobe Commerce versiones 2.4.3-p2 (y anter... • https://helpx.adobe.com/security/products/magento/apsb22-38.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0CVE-2022-34256 – Adobe Commerce Improper Authorization Privilege escalation
https://notcve.org/view.php?id=CVE-2022-34256
16 Aug 2022 — Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction. Adobe Commerce versiones 2.4.3-p2 (y anteriores), 2.3.7-p3 (y anteriores) y 2.4.4 (y anteriores) están afectadas por una vulnerabilidad de Autorización Inapropiada que podría result... • https://helpx.adobe.com/security/products/magento/apsb22-38.html • CWE-285: Improper Authorization •
CVSS: 4.8EPSS: 44%CPEs: 20EXPL: 0CVE-2022-34258 – Adobe Commerce Stored XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-34258
16 Aug 2022 — Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Adobe Commerce versiones 2.4.3-p2 (y anteriores), 2.3.7-p3 (y anteriores) y 2.4.4 (y anteriores) están afectadas po... • https://helpx.adobe.com/security/products/magento/apsb22-38.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1639
https://notcve.org/view.php?id=CVE-2012-1639
01 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el módulo enproduct/commerce_product.module en el módulo Drupal Commerce para Drupal anteriores a v7.x-1.2, permite a atacantes remotos secuestrar la autenticación de los ... • http://drupal.org/node/1416824 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •