Vulnerabilities > Adobe
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-14 | CVE-2024-39400 | Cross-site Scripting vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 8.1 |
| 2024-08-14 | CVE-2024-39401 | OS Command Injection vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. | 8.4 |
| 2024-08-14 | CVE-2024-39402 | OS Command Injection vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. | 8.4 |
| 2024-08-14 | CVE-2024-39403 | Cross-site Scripting vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. | 7.6 |
| 2024-08-14 | CVE-2024-39404 | Unspecified vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. | 4.3 |
| 2024-08-14 | CVE-2024-39405 | Unspecified vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. | 4.3 |
| 2024-08-14 | CVE-2024-39406 | Path Traversal vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. | 6.8 |
| 2024-08-14 | CVE-2024-39407 | Unspecified vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. | 4.3 |
| 2024-08-14 | CVE-2024-39408 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. | 4.3 |
| 2024-08-14 | CVE-2024-39409 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. | 4.3 |