Adobe.Commerce.and.Magento.Open.Source.Shipping.Policy.XSS
Description
This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Adobe Magento Open Source.
The vulnerability is due to improper sanitization of user data in the shipping policy displayed to users on the checkout page. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of script code in the security context of a target user's browser.
Affected Products
Adobe Commerce 2.3.7-p3 and prior
Adobe Commerce 2.4.3-p2 and prior
Adobe Commerce 2.4.4 and prior
Adobe Magento Open Source 2.3.7-p3 and prior
Adobe Magento Open Source 2.4.3-p2 and prior
Adobe Magento Open Source 2.4.4 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/magento/apsb22-38.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |