How severe is CVE-2024-39400?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-39400?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-39400 - HIGH Severity | CVSS 8.1

Vulnerability Description

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.

Related Vulnerabilities

CVE-2017-8899

HIGH

CVSS:8.1(High)

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by...

CWE-792017

CVE-2019-10905

HIGH

CVSS:8.1(High)

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the c...

CWE-792019

CVE-2019-11215

HIGH

CVSS:8.1(High)

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many con...

CWE-792019

CVE-2019-17337

HIGH

CVSS:8.1(High)

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker t...

CWE-792019

CVE-2019-19821

HIGH

CVSS:8.1(High)

A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not ...

CWE-792019

CVE-2020-15273

HIGH

CVSS:8.1(High)

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registrat...

CWE-792020