8.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-38219

GHSA ID

GHSA-3j7w-jp46-9752

EPSS Score

0.80409%

CWE

CWE-79

Published

10/13/2023

Updated

3/4/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-38219

CVE-2023-38219: Magento Open Source allows Cross-Site Scripting (XSS)

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.

(GitHub Advisory)

8.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-38219

GHSA ID

GHSA-3j7w-jp46-9752

EPSS Score

0.80409%

CWE

CWE-79

Published

10/13/2023

Updated

3/4/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
magento/community-edition	composer	= 2.4.7-beta1	2.4.7-beta2
magento/community-edition	composer	= 2.4.6
magento/community-edition	composer	= 2.4.5
magento/community-edition	composer	= 2.4.4
magento/community-edition	composer	>= 2.4.6-p1, < 2.4.6-p3	2.4.6-p3
magento/community-edition	composer	>= 2.4.5-p1, < 2.4.5-p5	2.4.5-p5
magento/community-edition	composer	>= 2.4.4-p1, < 2.4.4-p6	2.4.4-p6
magento/project-community-edition	composer	<= 2.0.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

**o** *omm*r** v*rsions *.*.*-**t** (*n* **rli*r), *.*.*-p* (*n* **rli*r), *.*.*-p* (*n* **rli*r) *n* *.*.*-p* (*n* **rli*r) *r* *****t** *y * stor** *ross-Sit* S*riptin* (XSS) vuln*r**ility t**t *oul* ** **us** *y * low-privil**** *tt**k*r to inj**t

Reasoning

No *n*lysis *v*il**l*

8.7

Basic Information

Concerned about an active attack path?

CVE-2023-38219: Magento Open Source allows Cross-Site Scripting (XSS)

8.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI