Stored XSS Vulnerability in Adobe Commerce Products
CVE-2025-49557
8.7HIGH
What is CVE-2025-49557?
Adobe Commerce is impacted by a stored Cross-Site Scripting (XSS) vulnerability that allows low-privileged attackers to inject malicious scripts into form fields. Successful exploitation requires user interaction, as victims must visit a page containing the vulnerable field. Once injected, these scripts can lead to privilege escalation or compromise sensitive user data, putting both the application and users at significant risk.
Affected Version(s)
Adobe Commerce 0 <= 2.4.4-p14