CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 0CVE-2022-24093 – Adobe Commerce post-auth improper input validation leads to remote code execution
https://notcve.org/view.php?id=CVE-2022-24093
12 Sep 2023 — Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. Las versiones 2.4.3-p1 (y anteriores) y 2.3.7-p2 (y anteriores) de Adobe Commerce están afectadas por una vulnerabilidad de validación de entrada incorrecta. La explotación de este problema no requiere la interacción del usuario y podría dar lugar a... • https://helpx.adobe.com/security/products/magento/apsb22-13.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-22247 – Adobe Commerce XML Injection Arbitrary file system read
https://notcve.org/view.php?id=CVE-2023-22247
27 Mar 2023 — Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-17.html • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 4.8EPSS: 15%CPEs: 12EXPL: 0CVE-2023-22249 – Adobe Commerce Stored XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-22249
27 Mar 2023 — Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. • https://helpx.adobe.com/security/products/magento/apsb23-17.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-22250 – Adobe Commerce Improper Access Control Security feature bypass
https://notcve.org/view.php?id=CVE-2023-22250
27 Mar 2023 — Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb23-17.html • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-22251 – Adobe Commerce Incorrect Authorization Security feature bypass
https://notcve.org/view.php?id=CVE-2023-22251
27 Mar 2023 — Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure. • https://helpx.adobe.com/security/products/magento/apsb23-17.html • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-35689 – Adobe Commerce Improper Access Control Security feature bypass
https://notcve.org/view.php?id=CVE-2022-35689
14 Oct 2022 — Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction. Adobe Commerce versiones 2.4.4-p1 (y anteriores) y 2.4.5 (y anteriores) están afectadas por una vulnerabilidad de Control de Acceso Inapropiado que podría resultar en una omi... • https://helpx.adobe.com/security/products/magento/apsb22-48.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 6%CPEs: 8EXPL: 1CVE-2022-35698 – Adobe Commerce Stored XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-35698
14 Oct 2022 — Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. Adobe Commerce versiones 2.4.4-p1 (y anteriores) y 2.4.5 (y anteriores) están afectadas por una vulnerabilidad de tipo Cross-site Scripting Almacenado. No es requerida una interacción del usuario para la explotación de este problema y podría resultar ... • https://github.com/EmicoEcommerce/Magento-APSB22-48-Security-Patches • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-39864 – Adobe Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Cart Addition
https://notcve.org/view.php?id=CVE-2021-39864
15 Oct 2021 — Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation. Adobe Commerce versiones 2.4.2-p2 (y anteriores), 2.4.3 (y anteriores) y 2.3.7p1 (y anteriores), están afectadas por una vulnerabilidad de tipo... • https://helpx.adobe.com/security/products/magento/apsb21-86.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2021-36044 – Magento Commerce GraphQL Improper Input Validation Could Lead To Denial Of Service
https://notcve.org/view.php?id=CVE-2021-36044
01 Sep 2021 — Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field. Magento Commerce versiones 2.4.2 (y anteriores), versiones 2.4.2-p1 (y anteriores), y versiones 2.3.7 (y anteriores), están afectadas por una vulnerabilidad de comprobación Inapropiada de Entrada. Un atacante no autenticado podría abus... • https://helpx.adobe.com/security/products/magento/apsb21-64.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 3%CPEs: 6EXPL: 0CVE-2021-36027 – Magento Commerce Stored Cross-site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-36027
01 Sep 2021 — Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Magento Commerce versiones 2.4.2 (y anteriores), versiones 2.4.2-p1 (y anteriores), y versiones 2.3.7 (y anteriores), están afectadas por una vu... • https://helpx.adobe.com/security/products/magento/apsb21-64.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •