Adobe Magento vulnerability exposes users to stored XSS attacks
CVE-2024-52283

5.7MEDIUM

Key Information:

Vendor
Suse
Status
Hackweek
Vendor
CVE Published:
28 November 2024

Summary

Missing sanitation of inputs allowed arbitrary users to conduct a stored XSS attack that triggers for users that view a certain project

Affected Version(s)

hackweek 0 < 8d2b6bda67bd0f1914cb0851b8ae71b73e26b156

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52283

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Emanuele Cappello and Andrea Mattiazzo of SUSE
.