CVE-2024-20759

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Apr 10, 2024

CWE ID 79

Summary

CVE-2024-20759 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3, and earlier. This issue allows high-privileged attackers to inject malicious scripts into vulnerable form fields. When a victim browses the page with the affected form, the malicious JavaScript code is executed in their browser. The significance of this vulnerability lies in its potential to compromise both confidentiality and integrity, as an attacker can gain admin access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vS3gBb
https://www.cve.org/CVERecord?id=CVE-2024-20759
https://nvd.nist.gov/vuln/detail/CVE-2024-20759

Back to Vulnerability Database

CVE-2024-20759

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations