PT-2022-4399 · Adobe · Commerce

Published 2022-06-21 · Updated 2024-03-06 · CVE-2022-34258

CVSS v3.1: 5.5 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Adobe Commerce versions 2.4.3-p2 and earlier
Adobe Commerce versions 2.3.7-p3 and earlier
Adobe Commerce versions 2.4.4 and earlier

Description

The web page structure is not adequately protected, which a remote attacker can exploit to conduct cross-site scripting (XSS) attacks. An attacker with admin privileges can inject malicious scripts into vulnerable form fields, and the malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

Recommendations

For Adobe Commerce versions 2.4.3-p2 and earlier, update to a version that includes the fix for this issue.
For Adobe Commerce versions 2.3.7-p3 and earlier, update to a version that includes the fix for this issue.
For Adobe Commerce versions 2.4.4 and earlier, update to a version that includes the fix for this issue.

As a temporary workaround, consider restricting access to the vulnerable form fields to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-05262
BIT-MAGENTO-2022-34258
CVE-2022-34258
GHSA-5M55-G8PV-X8WW

Affected Products

Commerce