Total vulnerabilities in the database
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A low privileged attacker could leverage this vulnerability to read local files and to perform Stored XSS. Exploitation of this issue does not require user interaction.
| Software | From | Fixed in |
|---|---|---|
| adobe / commerce | 2.3.7-p1 | 2.3.7-p1.x |
| adobe / commerce | 2.4.3-p1 | 2.4.3-p1.x |
| adobe / commerce | 2.4.3 | 2.4.3.x |
| adobe / commerce | 2.3.7-p2 | 2.3.7-p2.x |
| magento / magento | 2.4.3-p1 | 2.4.3-p1.x |
| magento / magento | 2.4.3 | 2.4.3.x |
| magento / magento | 2.3.7-p2 | 2.3.7-p2.x |
| magento / magento | 2.3.7-p1 | 2.3.7-p1.x |
| magento / magento | 2.4.4 | 2.4.4.x |
| magento / magento | 2.4.3-p2 | 2.4.3-p2.x |
| magento / magento | 2.4.0 | 2.4.3 |
| magento / magento | 2.3.7-p3 | 2.3.7-p3.x |
| magento / magento | 2.3.0 | 2.3.7 |
| magento / magento | 2.3.7 | 2.3.7.x |
| adobe / commerce | 2.4.4 | 2.4.4.x |
| adobe / commerce | 2.4.3-p2 | 2.4.3-p2.x |
| adobe / commerce | 2.3.7 | 2.3.7.x |
| adobe / commerce | 2.4.0 | 2.4.3 |
| adobe / commerce | 2.3.7-p3 | 2.3.7-p3.x |
| adobe / commerce | 2.3.0 | 2.3.7 |