CVE-2022-35698
CRITICAL
Adobe Commerce <2.4.4-p1, <2.4.5 - XSS
Title source: llm
Description
Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.
Exploits (1)
nomisec
WRITEUP
37 stars
by EmicoEcommerce · poc
https://github.com/EmicoEcommerce/Magento-APSB22-48-Security-Patches
Scores
CVSS v3
10.0
EPSS
0.0276
EPSS Percentile
86.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-79
Status
published
Products (8)
adobe/commerce
2.4.4 (2 CPE variants)
adobe/commerce
2.4.5
adobe/commerce
< 2.4.4
adobe/magento_open_source
2.4.4 (2 CPE variants)
adobe/magento_open_source
2.4.5
adobe/magento_open_source
< 2.4.4
magento/community-edition
Packagist
magento/project-community-edition
0
Packagist
Published
Oct 14, 2022
Tracked Since
Feb 18, 2026