Stored Cross-Site Scripting Vulnerability in Adobe Commerce
CVE-2026-34658
4.8MEDIUM
What is CVE-2026-34658?
Adobe Commerce versions 2.4.9-beta1 and earlier are vulnerable to a stored Cross-Site Scripting (XSS) attack, allowing high-privileged attackers to inject malicious JavaScript into form fields. This vulnerability enables the execution of harmful scripts in the browser of legitimate users who access the compromised pages. Proper validation and sanitization of user input are essential to mitigate such risks.
Affected Version(s)
Adobe Commerce 0 <= 2.4.4-p17