Adobe Commerce
Moderate fix6 remedies
cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*
Moderate fix6 remedies
- <= 2.4.9-alpha3
- <= 2.4.8-p3
- <= 2.4.7-p8
- <= 2.4.6-p13
- <= 2.4.5-p15
- <= 2.4.4-p16
Adobe Commerce and Magento Open Source Stored Cross-Site Scripting Vulnerability
Vulnerability
Patched
A stored Cross-Site Scripting (XSS) vulnerability has been identified in Adobe Commerce and Magento Open Source. This issue affects versions through 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The vulnerability allows a high-privileged attacker to inject malicious scripts into form fields, which could then be executed in the browser of a user who visits the page with the compromised field. Successful exploitation could lead to session takeover, significantly increasing confidentiality and integrity risks.
Impact
Exploitation of this vulnerability could result in stored cross-site scripting, allowing injected scripts to be executed in the context of the user's browser.
Remediation
Users are advised to update to Adobe Commerce 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, or 2.4.4-p17. For Magento Open Source users, the recommended versions are 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, or 2.4.5-p16.
Added: Mar 11, 2026, 3:28 AM
Updated: Mar 11, 2026, 3:28 AM
Vulnerability Rating
Custom Algorithm
spread
6.4impact
5.4exploitability
4.7remediation
7.7relevance
3.8threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.