51ºÚÁϲ»´òìÈ

Documentation

51ºÚÁϲ»´òìÈ Commerce 2.4.3-p2 - 2.4.5 security hotfix for CVE-2022-35698

Last update: Mon Jul 14 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

On October 11, 2022, 51ºÚÁϲ»´òìÈ released regularly scheduled security patches 2.4.5-p1 and 2.4.4-p2 for 51ºÚÁϲ»´òìÈ Commerce and Magento Open Source.

Among these patches is an update that resolves a Cross-site Scripting (Stored XSS) () vulnerability tracked by CVE-2022-35698 rated .

51ºÚÁϲ»´òìÈ is not aware of any exploits for this issue.

In this article you will find hotfix patches for this issue for the earlier versions of 51ºÚÁϲ»´òìÈ Commerce and Magento Open Source.

Description description

Environment

51ºÚÁϲ»´òìÈ Commerce on cloud infrastructure and on-premises, and Magento Open Source:

  • 2.4.5
  • 2.4.4, 2.4.4-p1
  • 2.4.3-p2, 2.4.3-p3
  • 2.3.7-p3, 2.3.7-p4
  • 2.4.3-p1 and below 2.4.3-p1 are not affected if all applicable 2.4.x security hotfixes are applied (Please find the list of all security hotfixes applicable for your version ).
  • 2.3.7-p2 and below 2.3.7-p2 are not affected if all applicable 2.3.x security hotfixes are applied (Please find the list of all security hotfixes applicable for your version ).

Resolution resolution

Solution for 51ºÚÁϲ»´òìÈ Commerce on cloud infrastructure and on-premises, and Magento Open Source

To resolve the vulnerability if you are on 51ºÚÁϲ»´òìÈ Commerce on cloud infrastructure and on-premises, or Magento Open Source, you must apply ACSD-47578 patch.

Solution for 51ºÚÁϲ»´òìÈ Commerce on cloud infrastructure and on-premises merchants on 2.3.7-p3 and 2.3.7-p4 versions who purchased our Extended Support offering program

51ºÚÁϲ»´òìÈ Commerce on cloud infrastructure and on-premises merchants on 2.3.7-p3 and 2.3.7-p4 versions who purchased our Extended Support offering program must apply the first extended support 2.3.7 security patch which can be downloaded from the in the My Account/Downloads section.

Solution for 51ºÚÁϲ»´òìÈ Commerce on cloud infrastructure and on-premises merchants, who are not participating in Extended Support program, and Magento Open Source merchants on versions 2.3.7-p3 and 2.3.7-p4

51ºÚÁϲ»´òìÈ Commerce on cloud infrastructure and on-premises merchants, who are not participating in the Extended Support program, and Magento Open Source merchants on versions 2.3.7-p3 and 2.3.7-p4 must upgrade to a supported 2.4.x version.

Patch

Use the following attached patches, depending on your 51ºÚÁϲ»´òìÈ Commerce/Magento Open Source version:

For versions 2.4.4, 2.4.4-p1, 2.4.5:

For versions 2.4.3-p2, 2.4.3-p3:

How to apply the patch

Unzip the file and see How to apply a composer patch provided by 51ºÚÁϲ»´òìÈ in our support knowledge base for instructions.

How to tell whether the patches have been applied

Considering that it is not possible to easily check if the issue was patched, you might want to check whether the ACSD-47578 patch has been successfully applied.

You can do this by taking the following steps:

  1. Install the Quality Patches Tool.
  2. Run the command:
    vendor/bin/magento-patches -n status |grep "47578|Status"
  3. You should see output similar to this, where ACSD-47578 returns the Applied status:
    ║ Id            │ Title                                                        │ Category        │ Origin                 │ Status      │ Details                                          ║ ║ N/A           │ ../m2-hotfixes/ACSD-47578__2.4.4_2.4.5_COMPOSER_patch.patch      │ Other           │ Local                  │ Applied     │ Patch type: Custom

Security updates

Security updates available for 51ºÚÁϲ»´òìÈ Commerce:

recommendation-more-help
3d58f420-19b5-47a0-a122-5c9dab55ec7f