CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24438 – Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-24438
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. A... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24423 – Adobe Commerce | Improper Access Control (CWE-284)
https://notcve.org/view.php?id=CVE-2025-24423
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerabi... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-284: Improper Access Control •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24418 – Adobe Commerce | Improper Authorization (CWE-285)
https://notcve.org/view.php?id=CVE-2025-24418
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerabili... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24406 – Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
https://notcve.org/view.php?id=CVE-2025-24406
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier a... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24417 – Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-24417
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. A... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24409 – Adobe Commerce | Incorrect Authorization (CWE-863)
https://notcve.org/view.php?id=CVE-2025-24409
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affe... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24425 – Adobe Commerce | Business Logic Errors (CWE-840)
https://notcve.org/view.php?id=CVE-2025-24425
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limited data modification. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 ... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-840: Business Logic Errors •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24421 – Adobe Commerce | Incorrect Authorization (CWE-863)
https://notcve.org/view.php?id=CVE-2025-24421
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to perform actions with permissions that were not granted. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vuln... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-863: Incorrect Authorization •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24412 – Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-24412
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. A... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24427 – Adobe Commerce | Improper Access Control (CWE-284)
https://notcve.org/view.php?id=CVE-2025-24427
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vuln... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-284: Improper Access Control •