Stored Cross-Site Scripting Vulnerability in Adobe Commerce
CVE-2026-34655
4.8MEDIUM
What is CVE-2026-34655?
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, and 2.4.4-p17 are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows high-privileged attackers to inject malicious JavaScript code into vulnerable form fields. When affected users access a page containing the compromised field, the injected scripts may execute in their browsers, potentially leading to unauthorized actions and compromised security.
Affected Version(s)
Adobe Commerce 0 <= 2.4.4-p17