{"id":"CVE-2023-38219","details":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.","aliases":["GHSA-3j7w-jp46-9752"],"modified":"2026-03-14T12:17:28.317857Z","published":"2023-10-13T07:15:40.327Z","references":[{"type":"ADVISORY","url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/magento/magento2","events":[{"introduced":"0"},{"last_affected":"44a7b6079bcac5ba92040b16f4f74024b4f34d09"},{"introduced":"0"},{"last_affected":"3c90474cbeac29921594ab97e68ca0502b5827a0"},{"introduced":"0"},{"last_affected":"8d05e426a54cd4937b22fab079d40dfc431b6dfb"},{"introduced":"0"},{"last_affected":"ad91bd9eb0a691dc72bb8d794484dbd0b5a2a3f0"},{"introduced":"0"},{"last_affected":"246d524b7586af2245092008e0d92b8d6fdd8523"},{"introduced":"0"},{"last_affected":"6729b6e01368248abc33300208eb292c95050203"},{"introduced":"0"},{"last_affected":"e15fcef0c71b5f25ed3d50f41586d70c45c2cb42"},{"introduced":"0"},{"last_affected":"445b0f1a3d6a91b5da32d311077c2112ef0b1503"},{"introduced":"0"},{"last_affected":"a2eb7e29ea92a8bbc86c3b6b81b59d8533088497"},{"introduced":"0"},{"last_affected":"33242e4b19cf207d7b73f7791ef894b48bb41f8a"},{"introduced":"0"},{"last_affected":"1bd5cb8c065e44779526c0b044ce19b884707695"},{"introduced":"0"},{"last_affected":"2c2b2745151ecf2872f006c109d355f7a01ba9db"},{"introduced":"0"},{"last_affected":"4c36116dcf878e127059d9be9566a119783583f2"},{"introduced":"0"},{"last_affected":"8afdb9858d238392ecb5dbfe556068ec1af137bc"},{"introduced":"0"},{"last_affected":"1dd4ee8c3ab26dbb762fbaf9893c1f75148bb35b"},{"introduced":"0"},{"last_affected":"5f07eba878296a37bd5c3a2baecad48948547594"},{"introduced":"0"},{"last_affected":"0f9a056c8d83c4f319626b3e56ec52a533999f25"},{"introduced":"0"},{"last_affected":"5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"introduced":"0"},{"last_affected":"ef922155dbe6321862b3811e2472f2790489e685"},{"introduced":"0"},{"last_affected":"e18651b120784046b22e146ca1ab5d79493ed8a4"},{"introduced":"0"},{"last_affected":"c739d2113ebbbdceede4fa0dd6b0a0fc3e83355c"},{"introduced":"0"},{"last_affected":"a2ded45232876973af6e30fe312b76c0de77ebf3"},{"introduced":"0"},{"last_affected":"1df4565907d40f14ee1c753cc2de2ce567bfa8d7"},{"introduced":"0"},{"last_affected":"11846a1a10539470f2fe1522030ff42d62daa562"},{"introduced":"0"},{"last_affected":"3e26248d2ccb4b52d75e6188bb1fc93dd691c254"},{"introduced":"0"},{"last_affected":"58dfc61e7b545bdeaf3c3a2dac489e8770d85656"},{"introduced":"0"},{"last_affected":"4d4e0e2ebf249a00c5f5aa1eaec3f24575133b62"},{"introduced":"0"},{"last_affected":"d6f014854784eccd39d2ecb35c4beeb82d59b309"},{"introduced":"0"},{"last_affected":"d846142a3ab8b49597dfb8bd7508d875efdab19a"},{"introduced":"0"},{"last_affected":"727560d82199f6b938d1906e9d923e2dd40b490a"},{"introduced":"0"},{"last_affected":"37861a4025ef7f18016d3ab149e006da46821784"},{"introduced":"0"},{"last_affected":"d10435b11ada4e502dca7539f8fd31d059d3c482"},{"introduced":"0"},{"last_affected":"0f9a056c8d83c4f319626b3e56ec52a533999f25"},{"introduced":"0"},{"last_affected":"5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"introduced":"0"},{"last_affected":"ef922155dbe6321862b3811e2472f2790489e685"},{"introduced":"0"},{"last_affected":"e18651b120784046b22e146ca1ab5d79493ed8a4"},{"introduced":"0"},{"last_affected":"1df4565907d40f14ee1c753cc2de2ce567bfa8d7"},{"introduced":"0"},{"last_affected":"11846a1a10539470f2fe1522030ff42d62daa562"},{"introduced":"0"},{"last_affected":"3e26248d2ccb4b52d75e6188bb1fc93dd691c254"},{"introduced":"0"},{"last_affected":"58dfc61e7b545bdeaf3c3a2dac489e8770d85656"},{"introduced":"0"},{"last_affected":"4d4e0e2ebf249a00c5f5aa1eaec3f24575133b62"},{"introduced":"0"},{"last_affected":"d846142a3ab8b49597dfb8bd7508d875efdab19a"},{"introduced":"0"},{"last_affected":"727560d82199f6b938d1906e9d923e2dd40b490a"},{"introduced":"0"},{"last_affected":"37861a4025ef7f18016d3ab149e006da46821784"},{"introduced":"0"},{"last_affected":"d10435b11ada4e502dca7539f8fd31d059d3c482"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.7-NA"},{"introduced":"0"},{"last_affected":"2.3.7-p1"},{"introduced":"0"},{"last_affected":"2.3.7-p2"},{"introduced":"0"},{"last_affected":"2.3.7-p3"},{"introduced":"0"},{"last_affected":"2.3.7-p4"},{"introduced":"0"},{"last_affected":"2.4.0-NA"},{"introduced":"0"},{"last_affected":"2.4.0-ext\\-1"},{"introduced":"0"},{"last_affected":"2.4.1-NA"},{"introduced":"0"},{"last_affected":"2.4.1-ext\\-1"},{"introduced":"0"},{"last_affected":"2.4.2-NA"},{"introduced":"0"},{"last_affected":"2.4.2-ext\\-1"},{"introduced":"0"},{"last_affected":"2.4.2-ext\\-2"},{"introduced":"0"},{"last_affected":"2.4.3-NA"},{"introduced":"0"},{"last_affected":"2.4.3-ext\\-1"},{"introduced":"0"},{"last_affected":"2.4.3-ext\\-2"},{"introduced":"0"},{"last_affected":"2.4.3-ext\\-3"},{"introduced":"0"},{"last_affected":"2.4.4-NA"},{"introduced":"0"},{"last_affected":"2.4.4-p1"},{"introduced":"0"},{"last_affected":"2.4.4-p2"},{"introduced":"0"},{"last_affected":"2.4.4-p3"},{"introduced":"0"},{"last_affected":"2.4.4-p4"},{"introduced":"0"},{"last_affected":"2.4.4-p5"},{"introduced":"0"},{"last_affected":"2.4.5-NA"},{"introduced":"0"},{"last_affected":"2.4.5-p1"},{"introduced":"0"},{"last_affected":"2.4.5-p2"},{"introduced":"0"},{"last_affected":"2.4.5-p3"},{"introduced":"0"},{"last_affected":"2.4.5-p4"},{"introduced":"0"},{"last_affected":"2.4.5-p5"},{"introduced":"0"},{"last_affected":"2.4.6-NA"},{"introduced":"0"},{"last_affected":"2.4.6-p1"},{"introduced":"0"},{"last_affected":"2.4.6-p2"},{"introduced":"0"},{"last_affected":"2.4.7-b1"},{"introduced":"0"},{"last_affected":"2.4.4-NA"},{"introduced":"0"},{"last_affected":"2.4.4-p1"},{"introduced":"0"},{"last_affected":"2.4.4-p2"},{"introduced":"0"},{"last_affected":"2.4.4-p3"},{"introduced":"0"},{"last_affected":"2.4.5-NA"},{"introduced":"0"},{"last_affected":"2.4.5-p1"},{"introduced":"0"},{"last_affected":"2.4.5-p2"},{"introduced":"0"},{"last_affected":"2.4.5-p3"},{"introduced":"0"},{"last_affected":"2.4.5-p4"},{"introduced":"0"},{"last_affected":"2.4.6-NA"},{"introduced":"0"},{"last_affected":"2.4.6-p1"},{"introduced":"0"},{"last_affected":"2.4.6-p2"},{"introduced":"0"},{"last_affected":"2.4.7-b1"}]}}],"versions":["0.1.0-alpha100","0.1.0-alpha101","0.1.0-alpha102","0.1.0-alpha103","0.1.0-alpha104","0.1.0-alpha105","0.1.0-alpha106","0.1.0-alpha107","0.1.0-alpha108","0.1.0-alpha89","0.1.0-alpha90","0.1.0-alpha91","0.1.0-alpha92","0.1.0-alpha93","0.1.0-alpha94","0.1.0-alpha95","0.1.0-alpha96","0.1.0-alpha97","0.1.0-alpha98","0.1.0-alpha99","0.42.0-beta1","0.42.0-beta10","0.42.0-beta11","0.42.0-beta2","0.42.0-beta3","0.42.0-beta4","0.42.0-beta5","0.42.0-beta6","0.42.0-beta7","0.42.0-beta8","0.42.0-beta9","0.74.0-beta1","0.74.0-beta10","0.74.0-beta11","0.74.0-beta12","0.74.0-beta13","0.74.0-beta14","0.74.0-beta15","0.74.0-beta16","0.74.0-beta2","0.74.0-beta3","0.74.0-beta4","0.74.0-beta5","0.74.0-beta6","0.74.0-beta7","0.74.0-beta8","0.74.0-beta9","1.0.0-beta","2.0.0","2.0.0-rc","2.0.0-rc2","2.1.0","2.1.0-rc1","2.1.0-rc2","2.1.0-rc3","2.2.0-RC1.1","2.2.0-RC1.2","2.2.0-RC1.3","2.2.0-RC1.4","2.2.0-RC1.5","2.2.0-RC1.6","2.2.0-RC1.8","2.2.0-rc2.0","2.2.0-rc2.1","2.2.0-rc2.2","2.2.0-rc2.3","2.2.0-rc3.0","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.3.5","2.3.6","2.3.7","2.4.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38219.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.3.7-p4\\-ext1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.3.7-p4\\-ext2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.3.7-p4\\-ext3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.3.7-p4\\-ext4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.0-ext\\-2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.0-ext\\-3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.0-ext\\-4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.1-ext\\-2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.1-ext\\-3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.1-ext\\-4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.2-ext\\-3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.2-ext\\-4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.3-ext\\-4"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"}]}