Adobe Commerce
Moderate fix6 remedies
cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*
Moderate fix6 remedies
- <= 2.4.9-alpha3
- <= 2.4.8-p3
- <= 2.4.7-p8
- <= 2.4.6-p13
- <= 2.4.5-p15
- <= 2.4.4-p16
Adobe Commerce and Magento Open Source Stored Cross-Site Scripting Vulnerability
Vulnerability
Patched
A stored Cross-Site Scripting (XSS) vulnerability has been identified in Adobe Commerce and Magento Open Source. This issue affects multiple versions, including Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, as well as Magento Open Source versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13 and 2.4.5-p15 and earlier. The vulnerability allows low-privileged attackers to inject malicious scripts into vulnerable form fields. Exploitation requires user interaction, as the victim must navigate to the page containing the affected field.
Impact
Successful exploitation of this vulnerability allows for stored Cross-Site Scripting, where injected scripts are executed in the context of the user.
Remediation
Users are advised to update to Adobe Commerce version 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16 or 2.4.4-p17. For Magento Open Source, users should update to version 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14 or 2.4.5-p16.
Added: Mar 11, 2026, 3:25 AM
Updated: Mar 11, 2026, 3:25 AM
Vulnerability Rating
Custom Algorithm
spread
6.4impact
1.7exploitability
5.2remediation
7.7relevance
3.8threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.