Stored Cross-Site Scripting Vulnerability in Adobe Commerce
CVE-2025-54264
8.1HIGH
What is CVE-2025-54264?
A stored Cross-Site Scripting (XSS) vulnerability exists in Adobe Commerce, enabling high-privileged attackers to inject malicious scripts into vulnerable form fields. When a victim interacts with the compromised page containing the affected field, harmful JavaScript can execute in their browser. This can lead to session takeover and significantly compromise the confidentiality and integrity of user data, as the attacker gains unauthorized access through user interaction.
Affected Version(s)
Adobe Commerce 0 <= 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15