← Back

CVE-2025-47110

nvd nist
Published: Jun 10, 2025Modified: Jul 15, 2025

JSON object

Loading...
8.4
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.7 / Impact: 6.0
Source: NVD

Description

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and availability.

Affected (104)

Adobe
3 products
Commerce
Commerce B2b
Magento
Configuration A
48 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Commerce
Version 2.4.4
Commerce
Version 2.4.4 p10
Commerce
Version 2.4.4 p11
Commerce
Version 2.4.4 p12
Commerce
Version 2.4.4 p13
Commerce
Version 2.4.4 p1
Commerce
Version 2.4.4 p2
Commerce
Version 2.4.4 p3
Commerce
Version 2.4.4 p4
Commerce
Version 2.4.4 p5
Commerce
Version 2.4.4 p6
Commerce
Version 2.4.4 p7
Commerce
Version 2.4.4 p8
Commerce
Version 2.4.4 p9
Commerce
Version 2.4.5
Commerce
Version 2.4.5 p10
Commerce
Version 2.4.5 p11
Commerce
Version 2.4.5 p12
Commerce
Version 2.4.5 p1
Commerce
Version 2.4.5 p2
Commerce
Version 2.4.5 p3
Commerce
Version 2.4.5 p4
Commerce
Version 2.4.5 p5
Commerce
Version 2.4.5 p6
Commerce
Version 2.4.5 p7
Commerce
Version 2.4.5 p8
Commerce
Version 2.4.5 p9
Commerce
Version 2.4.6
Commerce
Version 2.4.6 p10
Commerce
Version 2.4.6 p1
Commerce
Version 2.4.6 p2
Commerce
Version 2.4.6 p3
Commerce
Version 2.4.6 p4
Commerce
Version 2.4.6 p5
Commerce
Version 2.4.6 p6
Commerce
Version 2.4.6 p7
Commerce
Version 2.4.6 p8
Commerce
Version 2.4.6 p9
Commerce
Version 2.4.7
Commerce
Version 2.4.7 b1
Commerce
Version 2.4.7 b2
Commerce
Version 2.4.7 beta3
Commerce
Version 2.4.7 p1
Commerce
Version 2.4.7 p2
Commerce
Version 2.4.7 p3
Commerce
Version 2.4.7 p4
Commerce
Version 2.4.7 p5
Commerce
Version 2.4.8
Configuration B
22 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Commerce B2b
Version 1.3.3
Commerce B2b
Version 1.3.3 p10
Commerce B2b
Version 1.3.3 p11
Commerce B2b
Version 1.3.3 p12
Commerce B2b
Version 1.3.3 p13
Commerce B2b
Version 1.3.4
Commerce B2b
Version 1.3.4 p10
Commerce B2b
Version 1.3.4 p11
Commerce B2b
Version 1.3.4 p12
Commerce B2b
Version 1.3.4 p9
Commerce B2b
Version 1.3.5
Commerce B2b
Version 1.3.5 p10
Commerce B2b
Version 1.3.5 p7
Commerce B2b
Version 1.3.5 p8
Commerce B2b
Version 1.3.5 p9
Commerce B2b
Version 1.4.2
Commerce B2b
Version 1.4.2 p1
Commerce B2b
Version 1.4.2 p2
Commerce B2b
Version 1.4.2 p3
Commerce B2b
Version 1.4.2 p4
Commerce B2b
Version 1.4.2 p5
Commerce B2b
Version 1.5.2
Configuration C
34 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Magento
Version 2.4.5
Magento
Version 2.4.5 p10
Magento
Version 2.4.5 p11
Magento
Version 2.4.5 p12
Magento
Version 2.4.5 p1
Magento
Version 2.4.5 p2
Magento
Version 2.4.5 p3
Magento
Version 2.4.5 p4
Magento
Version 2.4.5 p5
Magento
Version 2.4.5 p6
Magento
Version 2.4.5 p7
Magento
Version 2.4.5 p8
Magento
Version 2.4.5 p9
Magento
Version 2.4.6
Magento
Version 2.4.6 p10
Magento
Version 2.4.6 p1
Magento
Version 2.4.6 p2
Magento
Version 2.4.6 p3
Magento
Version 2.4.6 p4
Magento
Version 2.4.6 p5
Magento
Version 2.4.6 p6
Magento
Version 2.4.6 p7
Magento
Version 2.4.6 p8
Magento
Version 2.4.6 p9
Magento
Version 2.4.7
Magento
Version 2.4.7 b1
Magento
Version 2.4.7 b2
Magento
Version 2.4.7 beta3
Magento
Version 2.4.7 p1
Magento
Version 2.4.7 p2
Magento
Version 2.4.7 p3
Magento
Version 2.4.7 p4
Magento
Version 2.4.7 p5
Magento
Version 2.4.8

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

Source: psirt@adobe.com
Vendor Advisory

Timeline

No history available yet.