CVE-2024-39403

HIGH Year: 2024
CVSS v3 Score
7.6
High
Weakness Type
CWE-79
View all →

Vulnerability Description

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.

Related Vulnerabilities

CVE-2016-6641

HIGH
CVSS:7.6(High)

Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-792016

CVE-2019-8987

HIGH
CVSS:7.6(High)

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows...

CWE-792019

CVE-2020-14610

HIGH
CVSS:7.6(High)

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). The supported version that is affected is 12.2.9. Easily exploitable vulne...

CWE-792020

CVE-2020-15159

HIGH
CVSS:7.6(High)

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script fi...

CWE-792020

CVE-2020-35841

HIGH
CVSS:7.6(High)

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 bef...

CWE-792020

CVE-2020-6847

HIGH
CVSS:7.6(High)

OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript.

CWE-792020