Stored Cross-Site Scripting Vulnerability in Adobe Commerce
CVE-2026-47995
Key Information:
- Vendor
Adobe
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-47995?
Adobe Commerce is susceptible to a stored Cross-Site Scripting (XSS) vulnerability that enables high-privileged attackers to inject harmful scripts into vulnerable form fields. This vulnerability allows the execution of malicious JavaScript in the browser of users who access the page containing the compromised field, potentially leading to unauthorized access or control over the victim's account or session. It highlights the need for immediate security measures to protect sensitive user data and maintain the integrity of online transactions.
Affected Version(s)
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce B2B 0 <= 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18