6.1
CVE-2024-45123
- EPSS 0.42%
- Published 10.10.2024 10:15:05
- Last modified 10.10.2024 21:34:32
- Source psirt@adobe.com
- Teams watchlist Login
- Open Login
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Data is provided by the National Vulnerability Database (NVD)
Adobe ≫ Commerce B2b Version1.3.3 Update-
Adobe ≫ Commerce B2b Version1.3.3 Updatep10
Adobe ≫ Commerce B2b Version1.3.4 Update-
Adobe ≫ Commerce B2b Version1.3.4 Updatep9
Adobe ≫ Commerce B2b Version1.3.5 Update-
Adobe ≫ Commerce B2b Version1.3.5 Updatep7
Adobe ≫ Commerce B2b Version1.4.2 Update-
Adobe ≫ Commerce B2b Version1.4.2 Updatep1
Adobe ≫ Commerce B2b Version1.4.2 Updatep2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.61 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@adobe.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.