Vulnerabilities > Adobe > Commerce > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-13 | CVE-2023-38218 | Incorrect Authorization vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . | 8.8 |
| 2023-10-13 | CVE-2023-38219 | Cross-site Scripting vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. | 8.7 |
| 2023-10-13 | CVE-2023-38220 | Improper Authorization vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. | 7.5 |
| 2023-09-12 | CVE-2022-24093 | Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. | 7.2 |
| 2023-08-09 | CVE-2023-38207 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. | 7.5 |
| 2023-08-09 | CVE-2023-38208 | OS Command Injection vulnerability in Adobe Commerce Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. | 7.2 |
| 2023-06-15 | CVE-2023-22248 | Incorrect Authorization vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. | 7.5 |
| 2023-06-15 | CVE-2023-29297 | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. | 7.2 |
| 2022-10-20 | CVE-2022-42344 | Incorrect Authorization vulnerability in multiple products Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. | 8.8 |
| 2022-08-16 | CVE-2022-34253 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. | 7.2 |