CVE-2024-45127

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Published: Oct 10, 2024
Updated: May 4, 2025
CVE: CVE-2024-45127
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
adobe / commerce	2.3.7-p1	2.3.7-p1.x
adobe / commerce	2.4.3-p1	2.4.3-p1.x
adobe / commerce	2.4.2-p2	2.4.2-p2.x
adobe / commerce	2.4.3	2.4.3.x
adobe / commerce	2.4.2	2.4.2.x
adobe / commerce	2.4.1	2.4.1.x
adobe / commerce	2.3.7	2.3.7.x
adobe / commerce	2.3.7-p2	2.3.7-p2.x
adobe / commerce	2.3.7-p3	2.3.7-p3.x
adobe / commerce	2.4.0	2.4.0.x
adobe / commerce	2.4.2-p1	2.4.2-p1.x
adobe / commerce	2.4.3-p2	2.4.3-p2.x
adobe / commerce	2.4.4	2.4.4.x
adobe / commerce	2.4.4-p1	2.4.4-p1.x
adobe / commerce	2.4.4-p2	2.4.4-p2.x
adobe / commerce	2.4.5	2.4.5.x
adobe / commerce	2.4.5-p1	2.4.5-p1.x
adobe / commerce	2.3.7-p4	2.3.7-p4.x
adobe / commerce	2.3.7-p4-ext1	2.3.7-p4-ext1.x
adobe / commerce	2.3.7-p4-ext2	2.3.7-p4-ext2.x
adobe / commerce	2.4.0-ext-1	2.4.0-ext-1.x
adobe / commerce	2.4.0-ext-2	2.4.0-ext-2.x
adobe / commerce	2.4.1-ext-1	2.4.1-ext-1.x
adobe / commerce	2.4.1-ext-2	2.4.1-ext-2.x
adobe / commerce	2.4.2-ext-1	2.4.2-ext-1.x
adobe / commerce	2.4.2-ext-2	2.4.2-ext-2.x
adobe / commerce	2.4.3-ext-2	2.4.3-ext-2.x
adobe / commerce	2.4.4-p3	2.4.4-p3.x
adobe / commerce	2.4.5-p2	2.4.5-p2.x
adobe / commerce	2.4.6	2.4.6.x
adobe / magento	2.4.4	2.4.4.x
adobe / magento	2.4.4-p1	2.4.4-p1.x
adobe / magento	2.4.4-p2	2.4.4-p2.x
adobe / magento	2.4.4-p3	2.4.4-p3.x
adobe / magento	2.4.5	2.4.5.x
adobe / magento	2.4.5-p1	2.4.5-p1.x
adobe / magento	2.4.5-p2	2.4.5-p2.x
adobe / magento	2.4.6	2.4.6.x
adobe / commerce	2.3.7-p4-ext3	2.3.7-p4-ext3.x
adobe / commerce	2.3.7-p4-ext4	2.3.7-p4-ext4.x
adobe / commerce	2.4.0-ext-3	2.4.0-ext-3.x
adobe / commerce	2.4.0-ext-4	2.4.0-ext-4.x
adobe / commerce	2.4.1-ext-3	2.4.1-ext-3.x
adobe / commerce	2.4.1-ext-4	2.4.1-ext-4.x
adobe / commerce	2.4.2-ext-3	2.4.2-ext-3.x
adobe / commerce	2.4.2-ext-4	2.4.2-ext-4.x
adobe / commerce	2.4.3-ext-1	2.4.3-ext-1.x
adobe / commerce	2.4.3-ext-3	2.4.3-ext-3.x
adobe / commerce	2.4.3-ext-4	2.4.3-ext-4.x
adobe / commerce	2.4.4-p4	2.4.4-p4.x
adobe / commerce	2.4.4-p5	2.4.4-p5.x
adobe / commerce	2.4.4-p6	2.4.4-p6.x
adobe / commerce	2.4.4-p7	2.4.4-p7.x
adobe / commerce	2.4.4-p8	2.4.4-p8.x
adobe / commerce	2.4.4-p9	2.4.4-p9.x
adobe / commerce	2.4.5-p3	2.4.5-p3.x
adobe / commerce	2.4.5-p4	2.4.5-p4.x
adobe / commerce	2.4.5-p5	2.4.5-p5.x
adobe / commerce	2.4.5-p6	2.4.5-p6.x
adobe / commerce	2.4.5-p7	2.4.5-p7.x
adobe / commerce	2.4.6-p1	2.4.6-p1.x
adobe / commerce	2.4.6-p2	2.4.6-p2.x
adobe / commerce	2.4.6-p3	2.4.6-p3.x
adobe / commerce	2.4.6-p4	2.4.6-p4.x
adobe / commerce	2.4.6-p5	2.4.6-p5.x
adobe / commerce	2.4.6-p6	2.4.6-p6.x
adobe / commerce	2.4.7	2.4.7.x
adobe / commerce	2.4.7-b1	2.4.7-b1.x
adobe / commerce	2.4.7-b2	2.4.7-b2.x
adobe / commerce	2.4.7-p1	2.4.7-p1.x
adobe / magento	2.4.4-p4	2.4.4-p4.x
adobe / magento	2.4.4-p5	2.4.4-p5.x
adobe / magento	2.4.4-p6	2.4.4-p6.x
adobe / magento	2.4.4-p7	2.4.4-p7.x
adobe / magento	2.4.4-p8	2.4.4-p8.x
adobe / magento	2.4.5-p3	2.4.5-p3.x
adobe / magento	2.4.5-p4	2.4.5-p4.x
adobe / magento	2.4.5-p5	2.4.5-p5.x
adobe / magento	2.4.5-p6	2.4.5-p6.x
adobe / magento	2.4.5-p7	2.4.5-p7.x
adobe / magento	2.4.6-p1	2.4.6-p1.x
adobe / magento	2.4.6-p2	2.4.6-p2.x
adobe / magento	2.4.6-p3	2.4.6-p3.x
adobe / magento	2.4.6-p4	2.4.6-p4.x
adobe / magento	2.4.6-p5	2.4.6-p5.x
adobe / magento	2.4.7-b1	2.4.7-b1.x
adobe / commerce	2.4.4-p10	2.4.4-p10.x
adobe / commerce	2.4.5-p8	2.4.5-p8.x
adobe / commerce	2.4.5-p9	2.4.5-p9.x
adobe / commerce	2.4.6-p7	2.4.6-p7.x
adobe / commerce	2.4.7-p2	2.4.7-p2.x
adobe / commerce_b2b	1.3.3	1.3.3.x
adobe / commerce_b2b	1.3.3-p10	1.3.3-p10.x
adobe / commerce_b2b	1.3.4	1.3.4.x
adobe / commerce_b2b	1.3.4-p9	1.3.4-p9.x
adobe / commerce_b2b	1.3.5	1.3.5.x
adobe / commerce_b2b	1.3.5-p7	1.3.5-p7.x
adobe / commerce_b2b	1.4.2	1.4.2.x
adobe / commerce_b2b	1.4.2-p1	1.4.2-p1.x
adobe / commerce_b2b	1.4.2-p2	1.4.2-p2.x
adobe / magento	2.4.3	2.4.3.x
adobe / magento	2.4.4-p10	2.4.4-p10.x
adobe / magento	2.4.4-p9	2.4.4-p9.x
adobe / magento	2.4.5-p8	2.4.5-p8.x
adobe / magento	2.4.5-p9	2.4.5-p9.x
adobe / magento	2.4.6-p6	2.4.6-p6.x
adobe / magento	2.4.6-p7	2.4.6-p7.x
adobe / magento	2.4.7	2.4.7.x
adobe / magento	2.4.7-p1	2.4.7-p1.x
adobe / magento	2.4.7-p2	2.4.7-p2.x

https://helpx.adobe.com/security/products/magento/apsb24-73.html

Vulnerability Database

289,782

CVE-2024-45127