CVSS: 5.3EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29290 – Adobe Commerce Guest Cart Shipping Address Overwrite IDOR
https://notcve.org/view.php?id=CVE-2023-29290
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-353: Missing Support for Integrity Check •
CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29289 – Adobe Commerce XML Injection Security feature bypass
https://notcve.org/view.php?id=CVE-2023-29289
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29296 – [Cloud] Customer suspects IDOR vulnerability
https://notcve.org/view.php?id=CVE-2023-29296
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-863: Incorrect Authorization •
CVSS: 2.7EPSS: 0%CPEs: 35EXPL: 0CVE-2023-29293 – Adobe Commerce | Improper Input Validation (CWE-20)
https://notcve.org/view.php?id=CVE-2023-29293
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-35.html • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1639
https://notcve.org/view.php?id=CVE-2012-1639
Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el módulo enproduct/commerce_product.module en el módulo Drupal Commerce para Drupal anteriores a v7.x-1.2, permite a atacantes remotos secuestrar la autenticación de los usuarios para inyectar comandos web o html a través de los parámetros (1) sku o (2) title. • http://drupal.org/node/1416824 http://drupalcode.org/project/commerce.git/blobdiff/45bc53875f1675750afe60e709a34c95e3008366..b74cdcd:/modules/product/commerce_product.module http://osvdb.org/78528 http://secunia.com/advisories/47730 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/51668 https://exchange.xforce.ibmcloud.com/vulnerabilities/72743 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •