{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Commerce version 2.4.6-p2 ant\u00e9rieures \u00e0 2.4.6-p3",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.7-beta1 ant\u00e9rieures \u00e0 2.4.7-beta2",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.4-p5 ant\u00e9rieures \u00e0 2.4.4-p6",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.3-ext-4 ant\u00e9rieures \u00e0 2.4.3-ext-5",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.0-ext-4 ant\u00e9rieures \u00e0 2.4.0-ext-5",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.5-p4 ant\u00e9rieures \u00e0 2.4.5-p5",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.3.7-p4-ext-4 ant\u00e9rieures \u00e0 2.3.7-p4-ext-5",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.7-beta1 ant\u00e9rieures \u00e0 2.4.7-beta2",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.4-p5 ant\u00e9rieures \u00e0 2.4.4-p6",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.1-ext-4 ant\u00e9rieures \u00e0 2.4.1-ext-5",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.2-ext-4 ant\u00e9rieures \u00e0 2.4.2-ext-5",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.5-p4 ant\u00e9rieures \u00e0 2.4.5-p5",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.6-p2 ant\u00e9rieures \u00e0 2.4.6-p3",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-38249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38249"
    },
    {
      "name": "CVE-2023-26367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26367"
    },
    {
      "name": "CVE-2023-38251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38251"
    },
    {
      "name": "CVE-2023-26366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26366"
    },
    {
      "name": "CVE-2023-38221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38221"
    },
    {
      "name": "CVE-2023-38219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38219"
    },
    {
      "name": "CVE-2023-26368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26368"
    },
    {
      "name": "CVE-2023-38220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38220"
    },
    {
      "name": "CVE-2023-38218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38218"
    },
    {
      "name": "CVE-2023-38250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38250"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe\u00a0apsb23-50 du 10 octobre 2023",
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "reference": "CERTFR-2023-AVI-0833",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Adobe\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS), une \u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb23-50 du 10 octobre 2023",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Commerce version 2.4.6-p2 ant\u00e9rieures \u00e0 2.4.6-p3",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.7-beta1 ant\u00e9rieures \u00e0 2.4.7-beta2",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.4-p5 ant\u00e9rieures \u00e0 2.4.4-p6",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.3-ext-4 ant\u00e9rieures \u00e0 2.4.3-ext-5",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.0-ext-4 ant\u00e9rieures \u00e0 2.4.0-ext-5",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.5-p4 ant\u00e9rieures \u00e0 2.4.5-p5",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.3.7-p4-ext-4 ant\u00e9rieures \u00e0 2.3.7-p4-ext-5",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.7-beta1 ant\u00e9rieures \u00e0 2.4.7-beta2",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.4-p5 ant\u00e9rieures \u00e0 2.4.4-p6",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.1-ext-4 ant\u00e9rieures \u00e0 2.4.1-ext-5",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.2-ext-4 ant\u00e9rieures \u00e0 2.4.2-ext-5",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce version 2.4.5-p4 ant\u00e9rieures \u00e0 2.4.5-p5",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.6-p2 ant\u00e9rieures \u00e0 2.4.6-p3",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-38249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38249"
    },
    {
      "name": "CVE-2023-26367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26367"
    },
    {
      "name": "CVE-2023-38251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38251"
    },
    {
      "name": "CVE-2023-26366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26366"
    },
    {
      "name": "CVE-2023-38221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38221"
    },
    {
      "name": "CVE-2023-38219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38219"
    },
    {
      "name": "CVE-2023-26368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26368"
    },
    {
      "name": "CVE-2023-38220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38220"
    },
    {
      "name": "CVE-2023-38218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38218"
    },
    {
      "name": "CVE-2023-38250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38250"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe\u00a0apsb23-50 du 10 octobre 2023",
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "reference": "CERTFR-2023-AVI-0833",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Adobe\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS), une \u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb23-50 du 10 octobre 2023",
      "url": null
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact."
    },
    {
      "lang": "es",
      "value": "Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada de la que un atacante con pocos privilegios podr\u00eda abusar para inyectar scripts maliciosos en campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de la v\u00edctima cuando navega a la p\u00e1gina que contiene el campo vulnerable. El payload se almacena en un \u00e1rea de administraci\u00f3n, lo que genera un alto impacto en la confidencialidad y la integridad."
    }
  ],
  "id": "CVE-2023-38219",
  "lastModified": "2024-11-21T08:13:06.720",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-13T07:15:40.327",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

{
  "GSD": {
    "alias": "CVE-2023-38219",
    "id": "GSD-2023-38219"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-38219"
      ],
      "details": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.",
      "id": "GSD-2023-38219",
      "modified": "2023-12-13T01:20:36.134342Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2023-38219",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Adobe Commerce",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThanOrEqual": "2.4.7-beta1",
                                "status": "affected",
                                "version": "0",
                                "versionType": "semver"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Adobe"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.7,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "Cross-site Scripting (Stored XSS) (CWE-79)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
            "refsource": "MISC",
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2023-38219"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 5.8
        }
      },
      "lastModifiedDate": "2023-10-14T01:47Z",
      "publishedDate": "2023-10-13T07:15Z"
    }
  }
}

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-38219",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-38219"
    }
  },
  "description": "Adobe Commerce\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u79cd\u9762\u5411\u5546\u5bb6\u548c\u54c1\u724c\u7684\u5168\u7403\u9886\u5148\u7684\u6570\u5b57\u5546\u52a1\u89e3\u51b3\u65b9\u6848\u3002\n\nAdobe Commerce 2.4.7\u7248\u672c\u4e4b\u524d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u6709\u6548\u8fc7\u6ee4\u4e0e\u8f6c\u4e49\uff0c\u4f4e\u6743\u9650\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6076\u610f\u811a\u672c\u6ce8\u5165\u6613\u53d7\u653b\u51fb\u7684\u8868\u5355\u5b57\u6bb5\u4e2d\u3002\u5f53\u53d7\u5bb3\u8005\u6d4f\u89c8\u5305\u542b\u6613\u53d7\u653b\u51fb\u5b57\u6bb5\u7684\u9875\u9762\u65f6\uff0c\u6076\u610fJavaScript\u53ef\u80fd\u4f1a\u5728\u53d7\u5bb3\u8005\u7684\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/magento/apsb23-50.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-82675",
  "openTime": "2023-11-02",
  "patchDescription": "Adobe Commerce\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u79cd\u9762\u5411\u5546\u5bb6\u548c\u54c1\u724c\u7684\u5168\u7403\u9886\u5148\u7684\u6570\u5b57\u5546\u52a1\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nAdobe Commerce 2.4.7\u7248\u672c\u4e4b\u524d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u6709\u6548\u8fc7\u6ee4\u4e0e\u8f6c\u4e49\uff0c\u4f4e\u6743\u9650\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6076\u610f\u811a\u672c\u6ce8\u5165\u6613\u53d7\u653b\u51fb\u7684\u8868\u5355\u5b57\u6bb5\u4e2d\u3002\u5f53\u53d7\u5bb3\u8005\u6d4f\u89c8\u5305\u542b\u6613\u53d7\u653b\u51fb\u5b57\u6bb5\u7684\u9875\u9762\u65f6\uff0c\u6076\u610fJavaScript\u53ef\u80fd\u4f1a\u5728\u53d7\u5bb3\u8005\u7684\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Commerce\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2023-82675\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Adobe Adobe Commerce \u003c2.4.7"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-38219",
  "serverity": "\u9ad8",
  "submitTime": "2023-10-17",
  "title": "Adobe Commerce\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2023-82675\uff09"
}

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.7-beta1"
            },
            {
              "fixed": "2.4.7-beta2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.4.7-beta1"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.6"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.5"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.4"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.6-p1"
            },
            {
              "fixed": "2.4.6-p3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.5-p1"
            },
            {
              "fixed": "2.4.5-p5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.4-p1"
            },
            {
              "fixed": "2.4.4-p6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/project-community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-38219"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-04T18:24:16Z",
    "nvd_published_at": "2023-10-13T07:15:40Z",
    "severity": "LOW"
  },
  "details": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.",
  "id": "GHSA-3j7w-jp46-9752",
  "modified": "2025-03-04T18:24:16Z",
  "published": "2023-10-13T09:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38219"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/magento/magento2"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Magento Open Source allows Cross-Site Scripting (XSS)"
}

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Magento ist ein Online-Shop System von Adobe.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Adobe Magento ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2619 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2619.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2619 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2619"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin APSB23-50 vom 2023-10-10",
        "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Adobe Magento: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-10-10T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:59:43.960+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2619",
      "initial_release_date": "2023-10-10T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-10T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Adobe Magento \u003c 2.4.7-beta2",
                "product": {
                  "name": "Adobe Magento \u003c 2.4.7-beta2",
                  "product_id": "T030421",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:magento:2.4.7-beta2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Adobe Magento \u003c 2.4.6-p3",
                "product": {
                  "name": "Adobe Magento \u003c 2.4.6-p3",
                  "product_id": "T030422",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:magento:2.4.6-p3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Adobe Magento \u003c 2.4.5-p5",
                "product": {
                  "name": "Adobe Magento \u003c 2.4.5-p5",
                  "product_id": "T030423",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:magento:2.4.5-p5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Adobe Magento \u003c 2.4.4-p6",
                "product": {
                  "name": "Adobe Magento \u003c 2.4.4-p6",
                  "product_id": "T030424",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:magento:2.4.4-p6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Magento"
          }
        ],
        "category": "vendor",
        "name": "Adobe"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26368",
      "notes": [
        {
          "category": "description",
          "text": "In Adobe Magento existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-26368"
    },
    {
      "cve": "CVE-2023-26366",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Adobe Magento. Der Fehler besteht aufgrund einer Server-Side Request Forgery (SSRF). Ein entfernter, authentisierter Angreifer mit bestimmten Rechten kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-26366"
    },
    {
      "cve": "CVE-2023-38251",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Adobe Magento. Der Fehler besteht aufgrund eines unkontrollierten Ressourcenverbrauchs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-38251"
    },
    {
      "cve": "CVE-2023-38250",
      "notes": [
        {
          "category": "description",
          "text": "In Adobe Magento existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund einer mehrfachen unsachgem\u00e4\u00dfen Neutralisierung spezieller Elemente, die in einem SQL-Befehl verwendet werden, und einer Offenlegung von Informationen. Ein entfernter, authentisierter Angreifer mit bestimmten Rechten kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-38250"
    },
    {
      "cve": "CVE-2023-38249",
      "notes": [
        {
          "category": "description",
          "text": "In Adobe Magento existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund einer mehrfachen unsachgem\u00e4\u00dfen Neutralisierung spezieller Elemente, die in einem SQL-Befehl verwendet werden, und einer Offenlegung von Informationen. Ein entfernter, authentisierter Angreifer mit bestimmten Rechten kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-38249"
    },
    {
      "cve": "CVE-2023-38221",
      "notes": [
        {
          "category": "description",
          "text": "In Adobe Magento existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund einer mehrfachen unsachgem\u00e4\u00dfen Neutralisierung spezieller Elemente, die in einem SQL-Befehl verwendet werden, und einer Offenlegung von Informationen. Ein entfernter, authentisierter Angreifer mit bestimmten Rechten kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-38221"
    },
    {
      "cve": "CVE-2023-26367",
      "notes": [
        {
          "category": "description",
          "text": "In Adobe Magento existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund einer mehrfachen unsachgem\u00e4\u00dfen Neutralisierung spezieller Elemente, die in einem SQL-Befehl verwendet werden, und einer Offenlegung von Informationen. Ein entfernter, authentisierter Angreifer mit bestimmten Rechten kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-26367"
    },
    {
      "cve": "CVE-2023-38220",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Adobe Magento. Der Fehler besteht aufgrund einer unzul\u00e4ssigen Autorisierung. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-38220"
    },
    {
      "cve": "CVE-2023-38219",
      "notes": [
        {
          "category": "description",
          "text": "In Adobe Magento existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung und eines gespeicherten Cross-Site-Scripting-Angriffs. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-38219"
    },
    {
      "cve": "CVE-2023-38218",
      "notes": [
        {
          "category": "description",
          "text": "In Adobe Magento existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung und eines gespeicherten Cross-Site-Scripting-Angriffs. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-38218"
    }
  ]
}