CVE-2024-39400 HIGH

CVE-2024-39400: DOM XSS through integrations can impact other admins

Vendor Adobe
Product Adobe Commerce
Weakness CWE-79 · XSS
Published August 14, 2024
Last update August 14, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.

Key dates

02Disclosure timeline

August 14, 2024 CVE published
August 14, 2024 Record updated