CVE-2023-29289 (commerce, magento)

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.

adobe adobe commerce bypass commerce cve exploitation feature injection issue low magento privileges script security security feature bypass trigger vulnerability xml xml injection