Stored Cross-Site Scripting Vulnerability in Adobe Commerce
CVE-2026-48371
5.4MEDIUM
Key Information:
- Vendor
Adobe
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-48371?
Adobe Commerce is prone to a stored Cross-Site Scripting (XSS) vulnerability that enables low-privileged attackers to inject harmful scripts into vulnerable form fields. When users visit a webpage with an affected field, the malicious JavaScript can execute in their browser, potentially leading to data theft or session hijacking.
Affected Version(s)
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce B2B 0 <= 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18