CVSS 3.1 Score 8.1 of 10 (high)


Published Apr 10, 2024


CVE-2024-20759 is a high-severity vulnerability affecting Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier. It is a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to inject malicious scripts into vulnerable form fields. This allows for the execution of malicious JavaScript in a victim's browser when they visit the page with the vulnerable field. The impact of this vulnerability is considered high in terms of confidentiality and integrity, particularly for administrative purposes. To remediate the issue, users are advised to update their Adobe Commerce installations to a non-vulnerable version as soon as possible.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-20759 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options