Home > Vulnerability Database > CVE-2023-38219

Mend.io Vulnerability Database

CVE-2023-38219

Good to know:

Date: October 13, 2023

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.

Severity Score

8.7

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-38219

Url: https://github.com/magento/magento2

Url: https://helpx.adobe.com/security/products/magento/apsb23-50.html

Url: https://www.mend.io/vulnerability-database/CVE-2023-38219

Severity Score

8.7

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version magento/community-edition - 2.4.4-p6;magento/community-edition - 2.4.5-p5;magento/community-edition - 2.4.6-p3;magento/community-edition - 2.4.7-beta2

Learn More

CVSS v3.1

Base Score:	8.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-38219

Good to know:

Date: October 13, 2023

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?