Stored Cross-Site Scripting Vulnerability in Adobe Commerce
CVE-2026-47994
8.7HIGH
Key Information:
- Vendor
Adobe
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-47994?
Adobe Commerce is impacted by a stored Cross-Site Scripting (XSS) vulnerability, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When users interact with these fields, the malicious JavaScript could execute in their browsers. This exploitation poses a risk of unauthorized access or control over the affected user's account, compromising session security. Proper sanitization and validation measures are essential to mitigate this vulnerability effectively.
Affected Version(s)
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce B2B 0 <= 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18