Stored Cross-Site Scripting Vulnerability in Adobe Commerce
CVE-2026-21284
8.1HIGH
What is CVE-2026-21284?
Adobe Commerce versions 2.4.9-alpha3 and earlier are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This flaw allows attackers with elevated privileges to inject harmful scripts into various form fields. When a victim visits the affected page, the malicious JavaScript can execute in their browser, enabling the attacker to potentially hijack user sessions. This vulnerability underscores the importance of securing user input fields to uphold confidentiality and integrity within affected versions.
Affected Version(s)
Adobe Commerce 0 <= 2.4.4-p16