4.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-22249

GHSA ID

GHSA-fxcr-gvcw-hmqm

EPSS Score

0.94477%

CWE

CWE-79

Published

7/6/2023

Updated

3/4/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-22249

CVE-2023-22249: Magento Open Source allows Cross-Site Scripting (XSS)

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

(GitHub Advisory)

4.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-22249

GHSA ID

GHSA-fxcr-gvcw-hmqm

EPSS Score

0.94477%

CWE

CWE-79

Published

7/6/2023

Updated

3/4/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions
magento/community-edition	composer	= 2.4.4
magento/community-edition	composer	= 2.4.5
magento/community-edition	composer	>= 2.4.4-p1, <= 2.4.4-p2
magento/community-edition	composer	= 2.4.5-p1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

**o** *omm*r** v*rsions *.*.*-p* (*n* **rli*r) *n* *.*.*-p* (*n* **rli*r) *r* *****t** *y * stor** *ross-Sit* S*riptin* (XSS) vuln*r**ility t**t *oul* ** **us** *y * *i**-privil**** *tt**k*r to inj**t m*li*ious s*ripts into vuln*r**l* *orm *i*l*s. M*

Reasoning

No *n*lysis *v*il**l*

4.8

Basic Information

Concerned about an active attack path?

CVE-2023-22249: Magento Open Source allows Cross-Site Scripting (XSS)

4.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI