CVE-2024-34105

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Published: Jun 13, 2024
Updated: May 4, 2025
CVE: CVE-2024-34105
GHSA: GHSA-5632-wq7m-gfq9
Severity: Medium
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
adobe / commerce	2.3.7-p1	2.3.7-p1.x
adobe / commerce	2.4.3	2.4.3.x
adobe / commerce	2.3.7-p2	2.3.7-p2.x
adobe / commerce	2.4.4	2.4.4.x
adobe / commerce	2.3.7	2.3.7.x
adobe / commerce	2.3.7-p3	2.3.7-p3.x
adobe / commerce	2.4.5	2.4.5.x
adobe / commerce	2.4.4-p1	2.4.4-p1.x
adobe / commerce	2.4.5-p1	2.4.5-p1.x
adobe / commerce	2.4.4-p2	2.4.4-p2.x
adobe / commerce	2.4.5-p2	2.4.5-p2.x
adobe / commerce	2.4.4-p3	2.4.4-p3.x
adobe / commerce	2.4.6	2.4.6.x
adobe / magento	2.4.4	2.4.4.x
adobe / magento	2.4.4-p1	2.4.4-p1.x
adobe / magento	2.4.4-p2	2.4.4-p2.x
adobe / magento	2.4.4-p3	2.4.4-p3.x
adobe / magento	2.4.5	2.4.5.x
adobe / magento	2.4.5-p1	2.4.5-p1.x
adobe / magento	2.4.5-p2	2.4.5-p2.x
adobe / magento	2.4.6	2.4.6.x
adobe / commerce	2.3.7-p4-ext2	2.3.7-p4-ext2.x
adobe / commerce	2.3.7-p4-ext1	2.3.7-p4-ext1.x
adobe / commerce	2.3.7-p4	2.3.7-p4.x
adobe / commerce	2.4.0	2.4.0.x
adobe / commerce	2.4.0-ext-1	2.4.0-ext-1.x
adobe / commerce	2.4.0-ext-2	2.4.0-ext-2.x
adobe / commerce	2.4.1	2.4.1.x
adobe / commerce	2.4.1-ext-1	2.4.1-ext-1.x
adobe / commerce	2.4.1-ext-2	2.4.1-ext-2.x
adobe / commerce	2.4.2	2.4.2.x
adobe / commerce	2.4.2-ext-1	2.4.2-ext-1.x
adobe / commerce	2.4.2-ext-2	2.4.2-ext-2.x
adobe / commerce	2.4.3-ext-2	2.4.3-ext-2.x
adobe / commerce	2.4.3-ext-1	2.4.3-ext-1.x
adobe / commerce	2.4.4-p4	2.4.4-p4.x
adobe / commerce	2.4.5-p3	2.4.5-p3.x
adobe / commerce	2.4.6-p1	2.4.6-p1.x
adobe / magento	2.4.6-p2	2.4.6-p2.x
adobe / magento	2.4.6-p1	2.4.6-p1.x
adobe / magento	2.4.7-b1	2.4.7-b1.x
adobe / commerce	2.4.5-p4	2.4.5-p4.x
adobe / magento	2.4.5-p3	2.4.5-p3.x
adobe / magento	2.4.5-p4	2.4.5-p4.x
adobe / commerce	2.4.4-p5	2.4.4-p5.x
adobe / commerce	2.4.5-p5	2.4.5-p5.x
adobe / commerce	2.4.6-p2	2.4.6-p2.x
adobe / commerce	2.4.3-ext-4	2.4.3-ext-4.x
adobe / commerce	2.4.3-ext-3	2.4.3-ext-3.x
adobe / commerce	2.4.2-ext-4	2.4.2-ext-4.x
adobe / commerce	2.4.2-ext-3	2.4.2-ext-3.x
adobe / commerce	2.4.1-ext-4	2.4.1-ext-4.x
adobe / commerce	2.4.1-ext-3	2.4.1-ext-3.x
adobe / commerce	2.4.0-ext-4	2.4.0-ext-4.x
adobe / commerce	2.4.0-ext-3	2.4.0-ext-3.x
adobe / commerce	2.3.7-p4-ext4	2.3.7-p4-ext4.x
adobe / commerce	2.3.7-p4-ext3	2.3.7-p4-ext3.x
adobe / commerce	2.4.6-p3	2.4.6-p3.x
adobe / commerce	2.4.4-p6	2.4.4-p6.x
adobe / magento	2.4.6-p4	2.4.6-p4.x
adobe / magento	2.4.6-p5	2.4.6-p5.x
adobe / magento	2.4.5-p5	2.4.5-p5.x
adobe / magento	2.4.5-p6	2.4.5-p6.x
adobe / magento	2.4.5-p7	2.4.5-p7.x
adobe / magento	2.4.4-p7	2.4.4-p7.x
adobe / magento	2.4.4-p6	2.4.4-p6.x
adobe / magento	2.4.4-p5	2.4.4-p5.x
adobe / magento	2.4.4-p4	2.4.4-p4.x
adobe / magento	2.4.6-p3	2.4.6-p3.x
adobe / commerce_webhooks	1.2.0	1.4.0.x
adobe / magento	2.4.4-p8	2.4.4-p8.x
magento / community-edition	2.4.7	2.4.7.x
magento / community-edition	2.4.6	2.4.6.x
magento / community-edition	2.4.5	2.4.5.x
magento / community-edition	2.4.4	2.4.4.x
magento / community-edition	2.4.6-p1	2.4.6-p6
magento / community-edition	2.4.5-p1	2.4.5-p8
magento / community-edition	-	2.4.4-p9

Vulnerability Database

289,784

CVE-2024-34105