virus logo Intrusion Prevention

Adobe.Commerce.and.Magento.Open.Source.Shipping.Policy.XSS

description-logoDescription

This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Adobe Magento Open Source.
The vulnerability is due to improper sanitization of user data in the shipping policy displayed to users on the checkout page. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of script code in the security context of a target user's browser.

affected-products-logoAffected Products

Adobe Commerce 2.3.7-p3 and prior
Adobe Commerce 2.4.3-p2 and prior
Adobe Commerce 2.4.4 and prior
Adobe Magento Open Source 2.3.7-p3 and prior
Adobe Magento Open Source 2.4.3-p2 and prior
Adobe Magento Open Source 2.4.4 and prior

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/magento/apsb22-38.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-09-29 22.404 Default_action:pass:drop
2022-09-20 22.397
ID 52129
Created Sep 12, 2022
Updated Sep 28, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2022-34258
Exploit Prediction Score 2.68%
Default Action drop
Active
Affected OS All
Affected App Adobe