Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-29289

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.

Published

2023-06-15T19:15:10.743

Last Modified

2024-11-21T07:56:48.313

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-91
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.3.7 Yes
Application adobe commerce 2.4.0 Yes
Application adobe commerce 2.4.0 Yes
Application adobe commerce 2.4.0 Yes
Application adobe commerce 2.4.1 Yes
Application adobe commerce 2.4.1 Yes
Application adobe commerce 2.4.1 Yes
Application adobe commerce 2.4.2 Yes
Application adobe commerce 2.4.2 Yes
Application adobe commerce 2.4.2 Yes
Application adobe commerce 2.4.3 Yes
Application adobe commerce 2.4.3 Yes
Application adobe commerce 2.4.3 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.4 Yes
Application adobe commerce 2.4.5 Yes
Application adobe commerce 2.4.5 Yes
Application adobe commerce 2.4.5 Yes
Application adobe commerce 2.4.6 Yes
Application adobe magento 2.4.4 Yes
Application adobe magento 2.4.4 Yes
Application adobe magento 2.4.4 Yes
Application adobe magento 2.4.4 Yes
Application adobe magento 2.4.5 Yes
Application adobe magento 2.4.5 Yes
Application adobe magento 2.4.5 Yes
Application adobe magento 2.4.6 Yes
References