Description

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A low privileged attacker could leverage this vulnerability to read local files and to perform Stored XSS. Exploitation of this issue does not require user interaction.

Remediation

References

CVE-2022-34254

Related Vulnerabilities

MySQL CVE-2022-21323 Vulnerability (CVE-2022-21323)

WordPress Plugin Spider Calendar Cross-Site Scripting (1.1.0)

Oracle JRE CVE-2013-5848 Vulnerability (CVE-2013-5848)

Joomla! Core 4.x.x Multiple Vulnerabilities (4.0.0 - 4.2.3)

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Server-Side Request Forgery (1.0.95)

Severity

High

Classification

CVE-2022-34254 CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities