CVE-2024-39400: DOM XSS through integrations can impact other admins
First published: Wed Aug 14 2024(Updated: )
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Magento Commerce | <=2.4.3 | |
| Adobe Magento Commerce | =2.4.4 | |
| Adobe Magento Commerce | =2.4.4-p1 | |
| Adobe Magento Commerce | =2.4.4-p2 | |
| Adobe Magento Commerce | =2.4.4-p3 | |
| Adobe Magento Commerce | =2.4.4-p4 | |
| Adobe Magento Commerce | =2.4.4-p5 | |
| Adobe Magento Commerce | =2.4.4-p6 | |
| Adobe Magento Commerce | =2.4.4-p7 | |
| Adobe Magento Commerce | =2.4.4-p8 | |
| Adobe Magento Commerce | =2.4.4-p9 | |
| Adobe Magento Commerce | =2.4.5 | |
| Adobe Magento Commerce | =2.4.5-p1 | |
| Adobe Magento Commerce | =2.4.5-p2 | |
| Adobe Magento Commerce | =2.4.5-p3 | |
| Adobe Magento Commerce | =2.4.5-p4 | |
| Adobe Magento Commerce | =2.4.5-p5 | |
| Adobe Magento Commerce | =2.4.5-p6 | |
| Adobe Magento Commerce | =2.4.5-p7 | |
| Adobe Magento Commerce | =2.4.5-p8 | |
| Adobe Magento Commerce | =2.4.6 | |
| Adobe Magento Commerce | =2.4.6-p1 | |
| Adobe Magento Commerce | =2.4.6-p2 | |
| Adobe Magento Commerce | =2.4.6-p3 | |
| Adobe Magento Commerce | =2.4.6-p4 | |
| Adobe Magento Commerce | =2.4.6-p5 | |
| Adobe Magento Commerce | =2.4.6-p6 | |
| Adobe Magento Commerce | =2.4.7 | |
| Adobe Magento Commerce | =2.4.7-b1 | |
| Adobe Magento Commerce | =2.4.7-b2 | |
| Adobe Magento Commerce | =2.4.7-p1 | |
| Magento | <=2.4.3 | |
| Magento | =2.4.4 | |
| Magento | =2.4.4-p1 | |
| Magento | =2.4.4-p2 | |
| Magento | =2.4.4-p3 | |
| Magento | =2.4.4-p4 | |
| Magento | =2.4.4-p5 | |
| Magento | =2.4.4-p6 | |
| Magento | =2.4.4-p7 | |
| Magento | =2.4.4-p8 | |
| Magento | =2.4.4-p9 | |
| Magento | =2.4.5 | |
| Magento | =2.4.5-p1 | |
| Magento | =2.4.5-p2 | |
| Magento | =2.4.5-p3 | |
| Magento | =2.4.5-p4 | |
| Magento | =2.4.5-p5 | |
| Magento | =2.4.5-p6 | |
| Magento | =2.4.5-p7 | |
| Magento | =2.4.5-p8 | |
| Magento | =2.4.6 | |
| Magento | =2.4.6-p1 | |
| Magento | =2.4.6-p2 | |
| Magento | =2.4.6-p3 | |
| Magento | =2.4.6-p4 | |
| Magento | =2.4.6-p5 | |
| Magento | =2.4.6-p6 | |
| Magento | =2.4.7 | |
| Magento | =2.4.7-b1 | |
| Magento | =2.4.7-b2 | |
| Magento | =2.4.7-p1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-39400?
CVE-2024-39400 has been classified as a critical vulnerability due to its potential for arbitrary JavaScript code execution.
How do I fix CVE-2024-39400?
To remediate CVE-2024-39400, you should update Adobe Commerce to the latest version provided by Adobe that resolves this vulnerability.
Which Adobe Commerce versions are affected by CVE-2024-39400?
CVE-2024-39400 affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier versions.
Can CVE-2024-39400 be exploited by non-admin users?
No, CVE-2024-39400 can be exploited only by admin attackers due to the nature of the vulnerability.
What type of vulnerability is CVE-2024-39400?
CVE-2024-39400 is a DOM-based Cross-Site Scripting (XSS) vulnerability.
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/event
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe magento commerce
- version/adobe magento commerce/2.4.3
- version/adobe magento commerce/2.4.4
- version/adobe magento commerce/2.4.4-p1
- version/adobe magento commerce/2.4.4-p2
- version/adobe magento commerce/2.4.4-p3
- version/adobe magento commerce/2.4.4-p4
- version/adobe magento commerce/2.4.4-p5
- version/adobe magento commerce/2.4.4-p6
- version/adobe magento commerce/2.4.4-p7
- version/adobe magento commerce/2.4.4-p8
- version/adobe magento commerce/2.4.4-p9
- version/adobe magento commerce/2.4.5
- version/adobe magento commerce/2.4.5-p1
- version/adobe magento commerce/2.4.5-p2
- version/adobe magento commerce/2.4.5-p3
- version/adobe magento commerce/2.4.5-p4
- version/adobe magento commerce/2.4.5-p5
- version/adobe magento commerce/2.4.5-p6
- version/adobe magento commerce/2.4.5-p7
- version/adobe magento commerce/2.4.5-p8
- version/adobe magento commerce/2.4.6
- version/adobe magento commerce/2.4.6-p1
- version/adobe magento commerce/2.4.6-p2
- version/adobe magento commerce/2.4.6-p3
- version/adobe magento commerce/2.4.6-p4
- version/adobe magento commerce/2.4.6-p5
- version/adobe magento commerce/2.4.6-p6
- version/adobe magento commerce/2.4.7
- version/adobe magento commerce/2.4.7-b1
- version/adobe magento commerce/2.4.7-b2
- version/adobe magento commerce/2.4.7-p1
- canonical/magento
- version/magento/2.4.3
- version/magento/2.4.4
- version/magento/2.4.4-p1
- version/magento/2.4.4-p2
- version/magento/2.4.4-p3
- version/magento/2.4.4-p4
- version/magento/2.4.4-p5
- version/magento/2.4.4-p6
- version/magento/2.4.4-p7
- version/magento/2.4.4-p8
- version/magento/2.4.4-p9
- version/magento/2.4.5
- version/magento/2.4.5-p1
- version/magento/2.4.5-p2
- version/magento/2.4.5-p3
- version/magento/2.4.5-p4
- version/magento/2.4.5-p5
- version/magento/2.4.5-p6
- version/magento/2.4.5-p7
- version/magento/2.4.5-p8
- version/magento/2.4.6
- version/magento/2.4.6-p1
- version/magento/2.4.6-p2
- version/magento/2.4.6-p3
- version/magento/2.4.6-p4
- version/magento/2.4.6-p5
- version/magento/2.4.6-p6
- version/magento/2.4.7
- version/magento/2.4.7-b1
- version/magento/2.4.7-b2
- version/magento/2.4.7-p1