Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/20xxx/CVE-2024-20719.json",
"cna_assigner": "adobe",
"cwe_ids": [
"CWE-79"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"last_affected": "2.4.4-p6"
}
],
"source": "AFFECTED_FIELD"
}
]
}{
"cpe": [
"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "2.4.4-NA"
},
{
"last_affected": "2.4.4-NA"
},
{
"introduced": "2.4.4-p1"
},
{
"last_affected": "2.4.4-p1"
},
{
"introduced": "2.4.4-p2"
},
{
"last_affected": "2.4.4-p2"
},
{
"introduced": "2.4.4-p3"
},
{
"last_affected": "2.4.4-p3"
},
{
"introduced": "2.4.4-p4"
},
{
"last_affected": "2.4.4-p4"
},
{
"introduced": "2.4.4-p5"
},
{
"last_affected": "2.4.4-p5"
},
{
"introduced": "2.4.4-p6"
},
{
"last_affected": "2.4.4-p6"
},
{
"introduced": "2.4.5-NA"
},
{
"last_affected": "2.4.5-NA"
},
{
"introduced": "2.4.5-p1"
},
{
"last_affected": "2.4.5-p1"
},
{
"introduced": "2.4.5-p2"
},
{
"last_affected": "2.4.5-p2"
},
{
"introduced": "2.4.5-p3"
},
{
"last_affected": "2.4.5-p3"
},
{
"introduced": "2.4.5-p4"
},
{
"last_affected": "2.4.5-p4"
},
{
"introduced": "2.4.5-p5"
},
{
"last_affected": "2.4.5-p5"
},
{
"introduced": "2.4.6-NA"
},
{
"last_affected": "2.4.6-NA"
},
{
"introduced": "2.4.6-p1"
},
{
"last_affected": "2.4.6-p1"
},
{
"introduced": "2.4.6-p2"
},
{
"last_affected": "2.4.6-p2"
},
{
"introduced": "2.4.6-p3"
},
{
"last_affected": "2.4.6-p3"
}
],
"source": "CPE_STRING"
}