CVE-2024-45123 MEDIUM

CVE-2024-45123: Adobe Commerce | Cross-site Scripting (Reflected XSS) (CWE-79)

Vendor Adobe

Product Adobe Commerce

Weakness CWE-79 · XSS

Published October 10, 2024

Last update October 10, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Key dates

02Disclosure timeline

October 10, 2024 CVE published

October 10, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-45123 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-4643 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-3142 Pinterest Site Verification plugin using Meta Tag <= 1.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'post_var' CVE-2024-5613 Formula <= 0.5.1 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action CVE-2021-23854 Reflected XSS in page parameter CVE-2023-28932 WordPress WPMobile.App Plugin <= 11.20 is vulnerable to Cross Site Scripting (XSS)