Adobe Commerce and Magento Open Source Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored Cross-Site Scripting (XSS) vulnerability has been identified in Adobe Commerce and Magento Open Source. Affected versions are Adobe Commerce 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, and Magento Open Source 2.4.9-alpha3, 2.4.8-p3 and earlier, 2.4.7-p8 and earlier, 2.4.6-p13 and earlier, and 2.4.5-p15 and earlier. A low-privileged attacker can inject malicious script into vulnerable form fields; because the input is stored, the script later executes in the browser of any user who views the affected page. Successful exploitation can lead to session takeover, with a high impact on confidentiality and integrity.
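As an added example (not code from this advisory, from Adobe, or from the Magento project), the rendering pattern behind a stored XSS in a form field is shown beside its hardened form in plain PHP, with a constructed stored value and a check that a reviewer can reuse; the Escaper method names in the comments are Magento's, everything else is assumed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stored value: what a low-privileged user might have submitted
// into a profile or address form field. The script tag is an inert marker
// so that the check below can count it.
const STORED_FIELD = 'Acme <b>Ltd</b><script>/* marker */</script>';

// Output encoding for HTML body text. Magento templates use
// \Magento\Framework\Escaper::escapeHtml() for this context (assumption:
// it relies on the same htmlspecialchars-style encoding shown here).
function encodeForHtmlBody(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Output encoding for a quoted HTML attribute value (Magento: escapeHtmlAttr()).
// ENT_QUOTES matters here: an unencoded single quote breaks out of '...' attributes.
function encodeForHtmlAttr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// The stored-XSS pattern: the stored string is interpolated into markup as-is,
// so any tags it contains become live elements in every visitor's browser.
function renderUnsafe(string $stored): string
{
    return '<p class="company" title="' . $stored . '">' . $stored . '</p>';
}

// Hardened rendering: the same template, with encoding chosen per context.
function renderSafe(string $stored): string
{
    return '<p class="company" title="' . encodeForHtmlAttr($stored) . '">'
        . encodeForHtmlBody($stored) . '</p>';
}

// Check for a code review or regression test: count the <script> elements an
// HTML parser sees. User-controlled data must never add one.
function countScriptElements(string $html): int
{
    libxml_use_internal_errors(true);           // suppress HTML5 tag warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    return $doc->getElementsByTagName('script')->length;
}

printf("unsafe render: %d script element(s)\n", countScriptElements(renderUnsafe(STORED_FIELD)));
printf("safe render:   %d script element(s)\n", countScriptElements(renderSafe(STORED_FIELD)));
echo renderSafe(STORED_FIELD), PHP_EOL;
```

Output encoding at render time is the fix; marking the session cookie HttpOnly limits what an injected script can read but does not remove the vulnerability.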

Impact

Successful exploitation allows for session takeover, with a high impact on confidentiality and integrity.

Remediation

Users are advised to update to Adobe Commerce 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, or 2.4.4-p17. For Magento Open Source, users should update to 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, or 2.4.5-p16.

Added: Mar 11, 2026, 3:26 AM
Updated: Mar 11, 2026, 3:26 AM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 5.4
exploitability: 5.2
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.