How severe is CVE-2024-20719?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-20719?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-20719

CRITICAL Year: 2024

CVSS v3 Score

9.1

Critical

Weakness Type

CWE-79

View all →

Vulnerability Description

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.

CVE-2022-1380

CRITICAL

CVSS:9.1(Critical)

Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.

CWE-792022

CVE-2022-2217

CRITICAL

CVSS:9.1(Critical)

Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0.

CWE-792022

CVE-2022-2218

CRITICAL

CVSS:9.1(Critical)

Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0.

CWE-792022

CVE-2023-0306

CRITICAL

CVSS:9.1(Critical)

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CWE-792023

CVE-2023-48082

CRITICAL

CVSS:9.1(Critical)

Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to...

CWE-792023

CVE-2023-50808

CRITICAL

CVSS:9.1(Critical)

Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.

CWE-792023

CVE-2024-20719

Vulnerability Description

Related Vulnerabilities

CVE-2022-1380

CVE-2022-2217

CVE-2022-2218

CVE-2023-0306

CVE-2023-48082

CVE-2023-50808