Adobe Commerce Vulnerable to Stored XSS Attacks
CVE-2024-20719

9.1 CRITICAL

Key Information:

Vendor: Adobe
CVE Published: 15 February 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6, and earlier versions are impacted by a stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers with administrative privileges to inject malicious JavaScript into any admin page. When a victim accesses a compromised page, this injected script can run in their browser, posing serious security risks including the potential for unauthorized admin access and manipulation of site content. Organizations using affected versions are urged to apply the necessary patches to safeguard their systems against this vulnerability.

Affected Version(s)

Adobe Commerce 0 <= 2.4.4-p6

News Articles

Attention Adobe Commerce Users: Critical Vulnerabilities Threaten Your Store (CVE-2024-20719 & 20720) - CyberSRC

Running an online store with Adobe Commerce? Two critical vulnerabilities – CVE-2024-20719 and CVE-2024-20720 – demand immediate attention. These vulnerabilities could allow attackers to compromise your...

11 months ago

References

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by CyberSRC

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 1 News Article(s)