Stored Cross-Site Scripting Vulnerability in Adobe Commerce Products
CVE-2025-24413

5.4MEDIUM

Key Information:

Vendor
Adobe
Vendor
CVE Published:
11 February 2025

Summary

Adobe Commerce is vulnerable to a stored Cross-Site Scripting (XSS) issue that allows low-privileged attackers to inject malicious scripts into form fields. When users interact with affected pages, these scripts may execute in the context of their browser, potentially leading to session hijacking and compromising user data. This underscores the importance of timely updates and best practices in web security.

Affected Version(s)

Adobe Commerce 0 <= 2.4.8-beta1

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.