Stored Cross-Site Scripting Vulnerability in Adobe Commerce Products
CVE-2025-47110
What is CVE-2025-47110?
CVE-2025-47110 is a stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce, affecting versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, and 2.4.4-p13, as well as any earlier versions. A high-privileged attacker can exploit vulnerable form fields to inject malicious scripts. If the injection succeeds, JavaScript may run within the context of a victim's browser, potentially compromising their session or stealing sensitive information. The vulnerability is significant because it allows attackers to manipulate user interactions, with broader security implications for organizations using Adobe Commerce, an e-commerce solution used by numerous businesses.
Potential impact of CVE-2025-47110
- Data Theft: Exploitation of this vulnerability enables attackers to execute malicious scripts that could lead to the theft of sensitive user data, including personal and financial information.
- Session Hijacking: Attackers can utilize the vulnerability to hijack user sessions, allowing them unauthorized access to user accounts and administrative controls within the Adobe Commerce platform.
- Reputation Damage: A successful attack could result in significant reputational harm to organizations utilizing Adobe Commerce, as data breaches and security incidents often erode customer trust and lead to loss of business.
Affected Version(s)
Adobe Commerce 0 <= 2.4.4-p13
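
A version check built from the affected-version list in the description above, added here as an example (it is not Adobe's code or tooling). It assumes each listed version is the highest affected patch level on its own 2.4.x release line; the host names and inventory are constructed.

```python
import re

# Highest affected patch level per release line, taken from the version list
# in the description above. 0 means the release without a -pN suffix.
# Assumption: each listed version is the ceiling for its own release line.
AFFECTED_MAX = {
    (2, 4, 8): 0,
    (2, 4, 7): 5,
    (2, 4, 6): 10,
    (2, 4, 5): 12,
    (2, 4, 4): 13,
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(text):
    """Split '2.4.7-p5' into ((2, 4, 7), 5). Pre-release tags are rejected."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, rev, patch = m.groups()
    return (int(major), int(minor), int(rev)), int(patch or 0)


def is_affected(text):
    """True/False for versions the list covers, None for newer release lines."""
    line, patch = parse_version(text)
    if line in AFFECTED_MAX:
        return patch <= AFFECTED_MAX[line]
    if line < min(AFFECTED_MAX):
        return True  # "any earlier versions"
    return None  # newer line: the page makes no statement about it


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(v)] for host, v in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; host names are hypothetical.
    sample = {"shop-a": "2.4.7-p5", "shop-b": "2.4.7-p6",
              "shop-c": "2.4.3-p2", "shop-d": "2.4.8"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

A result of "unknown" means the installed release line is newer than any line named on this page, so the vendor bulletin should be consulted for that line.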