Stored Cross-Site Scripting Vulnerability in Adobe Commerce Products
CVE-2026-21291
4.8MEDIUM
What is CVE-2026-21291?
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, and 2.4.4-p16 and prior releases are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This issue allows high-privileged attackers to inject malicious scripts into vulnerable form fields. Successful exploitation of this vulnerability necessitates user interaction, as the victim must access a page that contains the affected field, potentially leading to unauthorized access and data manipulation.
Affected Version(s)
Adobe Commerce 0 <= 2.4.4-p16