CVE-2024-39403

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.

Published: Aug 14, 2024
Updated: Aug 15, 2024
CVE: CVE-2024-39403
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.6
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
adobe / commerce	2.4.4	2.4.4.x
adobe / commerce	2.4.5	2.4.5.x
adobe / commerce	2.4.4-p1	2.4.4-p1.x
adobe / commerce	2.4.5-p1	2.4.5-p1.x
adobe / commerce	2.4.4-p2	2.4.4-p2.x
adobe / commerce	2.4.5-p2	2.4.5-p2.x
adobe / commerce	2.4.4-p3	2.4.4-p3.x
adobe / commerce	2.4.6	2.4.6.x
adobe / commerce	2.4.4-p4	2.4.4-p4.x
adobe / commerce	2.4.5-p3	2.4.5-p3.x
adobe / commerce	2.4.6-p1	2.4.6-p1.x
adobe / commerce	2.4.5-p4	2.4.5-p4.x
adobe / commerce	2.4.4-p5	2.4.4-p5.x
adobe / commerce	2.4.7-b1	2.4.7-b1.x
adobe / commerce	2.4.5-p5	2.4.5-p5.x
adobe / commerce	2.4.6-p2	2.4.6-p2.x
adobe / commerce	2.4.6-p3	2.4.6-p3.x
adobe / commerce	2.4.4-p6	2.4.4-p6.x
adobe / commerce	2.4.4-p7	2.4.4-p7.x
adobe / commerce	2.4.4-p8	2.4.4-p8.x
adobe / commerce	2.4.4-p9	2.4.4-p9.x
adobe / commerce	2.4.7-b2	2.4.7-b2.x
adobe / commerce	2.4.7	2.4.7.x
adobe / commerce	2.4.7-p1	2.4.7-p1.x
adobe / commerce	2.4.6-p4	2.4.6-p4.x
adobe / commerce	2.4.6-p5	2.4.6-p5.x
adobe / commerce	2.4.6-p6	2.4.6-p6.x
adobe / commerce	2.4.5-p6	2.4.5-p6.x
adobe / commerce	2.4.5-p7	2.4.5-p7.x
adobe / commerce	2.4.5-p8	2.4.5-p8.x
adobe / commerce	-	2.4.3.x
adobe / magento	2.4.4	2.4.4.x
adobe / magento	2.4.4-p1	2.4.4-p1.x
adobe / magento	2.4.4-p2	2.4.4-p2.x
adobe / magento	2.4.4-p3	2.4.4-p3.x
adobe / magento	2.4.5	2.4.5.x
adobe / magento	2.4.5-p1	2.4.5-p1.x
adobe / magento	2.4.5-p2	2.4.5-p2.x
adobe / magento	2.4.6	2.4.6.x
adobe / magento	2.4.6-p2	2.4.6-p2.x
adobe / magento	2.4.6-p1	2.4.6-p1.x
adobe / magento	2.4.7-b1	2.4.7-b1.x
adobe / magento	2.4.5-p3	2.4.5-p3.x
adobe / magento	2.4.5-p4	2.4.5-p4.x
adobe / magento	2.4.6-p4	2.4.6-p4.x
adobe / magento	2.4.6-p5	2.4.6-p5.x
adobe / magento	2.4.5-p5	2.4.5-p5.x
adobe / magento	2.4.5-p6	2.4.5-p6.x
adobe / magento	2.4.5-p7	2.4.5-p7.x
adobe / magento	2.4.4-p7	2.4.4-p7.x
adobe / magento	2.4.4-p6	2.4.4-p6.x
adobe / magento	2.4.4-p5	2.4.4-p5.x
adobe / magento	2.4.4-p4	2.4.4-p4.x
adobe / magento	2.4.6-p3	2.4.6-p3.x
adobe / magento	2.4.4-p8	2.4.4-p8.x
adobe / magento	2.4.7-b2	2.4.7-b2.x
adobe / magento	2.4.7-p1	2.4.7-p1.x
adobe / magento	2.4.7	2.4.7.x
adobe / magento	2.4.6-p6	2.4.6-p6.x
adobe / magento	2.4.5-p8	2.4.5-p8.x
adobe / magento	2.4.4-p9	2.4.4-p9.x
adobe / magento	-	2.4.3.x

https://helpx.adobe.com/security/products/magento/apsb24-61.html

Vulnerability Database

289,784

CVE-2024-39403