Adobe Commerce
cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*
- <= 2.4.9-alpha3
- <= 2.4.8-p3
- <= 2.4.7-p8
- <= 2.4.6-p13
- <= 2.4.5-p15
- <= 2.4.4-p16
A stored Cross-Site Scripting (XSS) vulnerability has been identified in Adobe Commerce and Magento Open Source. This issue affects several versions, including Adobe Commerce 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, as well as Magento Open Source 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15 and earlier. The vulnerability allows a high-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim interacts with the page containing the compromised field, the injected JavaScript may execute in their browser. This exploitation could lead to session takeover, significantly increasing the risk to confidentiality and integrity.
Successful exploitation allows for session takeover, with a high impact on confidentiality and integrity.
Users are advised to update to the latest versions of Adobe Commerce or Magento Open Source. Instructions for updating can be found in the Adobe Security Bulletin APSB26-05.