Vulnerabilities > Adobe > Commerce

DATE CVE VULNERABILITY TITLE RISK
2024-02-15 CVE-2024-20718 Unspecified vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass.
network
low complexity
adobe
6.5
2024-02-15 CVE-2024-20719 Cross-site Scripting vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page.
network
low complexity
adobe CWE-79
critical
9.1
2023-10-13 CVE-2023-38219 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
adobe
8.7
2023-10-13 CVE-2023-38221 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker.
network
high complexity
adobe
6.6
2023-10-13 CVE-2023-38249 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker.
network
high complexity
adobe
6.6
2023-10-13 CVE-2023-38250 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker.
network
high complexity
adobe
6.6
2023-09-12 CVE-2022-24093 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe
7.2
2023-08-09 CVE-2023-38208 Unspecified vulnerability in Adobe Commerce
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker.
network
low complexity
adobe
7.2
2023-08-09 CVE-2023-38209 Unspecified vulnerability in Adobe Commerce
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass.
network
low complexity
adobe
6.5
2023-06-15 CVE-2023-29289 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability.
network
low complexity
adobe
6.5