Volerion logoVolerion
Volerion logoVolerion

Adobe Commerce Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored Cross-Site Scripting (XSS) vulnerability has been identified in Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. This vulnerability allows low-privileged attackers to inject malicious scripts into vulnerable form fields. When a victim visits the page containing the compromised field, the injected JavaScript may be executed in their browser. Exploitation of this vulnerability could lead to session takeover, significantly increasing risks to confidentiality and integrity.

Impact

Successful exploitation allows for session takeover, with high impacts on confidentiality and integrity.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
5.2
impact
1.7
exploitability
5.2
remediation
0.0
relevance
0.0
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.