Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A low privileged attacker could leverage this vulnerability to read local files and to perform Stored XSS. Exploitation of this issue does not require user interaction.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-6554 Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A low privileged attacker could leverage this vulnerability to read local files and to perform Stored XSS. Exploitation of this issue does not require user interaction.
Github GHSA Github GHSA GHSA-fx9g-g9q6-x3jx Magento Path Traversal vulnerability
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 23 Apr 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2025-04-23T17:49:54.693Z

Reserved: 2022-06-21T00:00:00.000Z

Link: CVE-2022-34254

cve-icon Vulnrichment

Updated: 2024-08-03T09:07:15.129Z

cve-icon NVD

Status : Modified

Published: 2022-08-16T21:15:10.040

Modified: 2024-11-21T07:09:09.437

Link: CVE-2022-34254

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.