What is the severity of CVE-2024-20719?

CVE-2024-20719 is classified as a stored Cross-Site Scripting (XSS) vulnerability.

How do I fix CVE-2024-20719?

To fix CVE-2024-20719, upgrade to Adobe Commerce version 2.4.6-p4 or later.

Which versions are affected by CVE-2024-20719?

CVE-2024-20719 affects Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6, and earlier versions.

What types of attacks can CVE-2024-20719 facilitate?

CVE-2024-20719 can facilitate attacks that allow admin attackers to inject malicious scripts into admin pages.

Is CVE-2024-20719 considered critical?

While the severity can vary based on context, CVE-2024-20719 poses significant risks due to its potential for XSS attacks.

Vulnerability/
CVE-2024-20719

critical

9.1

CWE

15/2/2024

1/8/2024

CVE-2024-20719: [Adobe Commerce] Stored XSS from low privileged admin user on every admin page, bypassing CVE-2023-29297

First published: Thu Feb 15 2024(Updated: )

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Magento Commerce	=2.4.4
Adobe Magento Commerce	=2.4.4-p1
Adobe Magento Commerce	=2.4.4-p2
Adobe Magento Commerce	=2.4.4-p3
Adobe Magento Commerce	=2.4.4-p4
Adobe Magento Commerce	=2.4.4-p5
Adobe Magento Commerce	=2.4.4-p6
Adobe Magento Commerce	=2.4.5
Adobe Magento Commerce	=2.4.5-p1
Adobe Magento Commerce	=2.4.5-p2
Adobe Magento Commerce	=2.4.5-p3
Adobe Magento Commerce	=2.4.5-p4
Adobe Magento Commerce	=2.4.5-p5
Adobe Magento Commerce	=2.4.6
Adobe Magento Commerce	=2.4.6-p1
Adobe Magento Commerce	=2.4.6-p2
Adobe Magento Commerce	=2.4.6-p3

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/magento/apsb24-03.html

Frequently Asked Questions

What is the severity of CVE-2024-20719?
CVE-2024-20719 is classified as a stored Cross-Site Scripting (XSS) vulnerability.
How do I fix CVE-2024-20719?
To fix CVE-2024-20719, upgrade to Adobe Commerce version 2.4.6-p4 or later.
Which versions are affected by CVE-2024-20719?
CVE-2024-20719 affects Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6, and earlier versions.
What types of attacks can CVE-2024-20719 facilitate?
CVE-2024-20719 can facilitate attacks that allow admin attackers to inject malicious scripts into admin pages.
Is CVE-2024-20719 considered critical?
While the severity can vary based on context, CVE-2024-20719 poses significant risks due to its potential for XSS attacks.

agent/weakness
agent/references
agent/title
agent/description
agent/type
agent/first-publish-date
agent/severity
agent/author
agent/event
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/adobe
canonical/adobe magento commerce
version/adobe magento commerce/2.4.4
version/adobe magento commerce/2.4.4-p1
version/adobe magento commerce/2.4.4-p2
version/adobe magento commerce/2.4.4-p3
version/adobe magento commerce/2.4.4-p4
version/adobe magento commerce/2.4.4-p5
version/adobe magento commerce/2.4.4-p6
version/adobe magento commerce/2.4.5
version/adobe magento commerce/2.4.5-p1
version/adobe magento commerce/2.4.5-p2
version/adobe magento commerce/2.4.5-p3
version/adobe magento commerce/2.4.5-p4
version/adobe magento commerce/2.4.5-p5
version/adobe magento commerce/2.4.6
version/adobe magento commerce/2.4.6-p1
version/adobe magento commerce/2.4.6-p2
version/adobe magento commerce/2.4.6-p3

Frequently Asked Questions

What is the severity of CVE-2024-20719?
CVE-2024-20719 is classified as a stored Cross-Site Scripting (XSS) vulnerability.
How do I fix CVE-2024-20719?
To fix CVE-2024-20719, upgrade to Adobe Commerce version 2.4.6-p4 or later.
Which versions are affected by CVE-2024-20719?
CVE-2024-20719 affects Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6, and earlier versions.
What types of attacks can CVE-2024-20719 facilitate?
CVE-2024-20719 can facilitate attacks that allow admin attackers to inject malicious scripts into admin pages.
Is CVE-2024-20719 considered critical?
While the severity can vary based on context, CVE-2024-20719 poses significant risks due to its potential for XSS attacks.

CVE-2024-20719: [Adobe Commerce] Stored XSS from low privileged admin user on every admin page, bypassing CVE-2023-29297

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-20719?

How do I fix CVE-2024-20719?

Which versions are affected by CVE-2024-20719?

What types of attacks can CVE-2024-20719 facilitate?

Is CVE-2024-20719 considered critical?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-20719?

How do I fix CVE-2024-20719?

Which versions are affected by CVE-2024-20719?

What types of attacks can CVE-2024-20719 facilitate?

Is CVE-2024-20719 considered critical?