← Back

CVE-2025-54266

nvd nist
Published: Oct 14, 2025Modified: Oct 20, 2025

JSON object

Loading...
4.8
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 / Impact: 2.7
Source: psirt@adobe.com (Secondary)

Description

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.

Affected (150)

Adobe
3 products
Commerce
Commerce B2b
Magento
Configuration A
62 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Commerce
Version 2.4.4
Commerce
Version 2.4.4 p10
Commerce
Version 2.4.4 p11
Commerce
Version 2.4.4 p12
Commerce
Version 2.4.4 p13
Commerce
Version 2.4.4 p14
Commerce
Version 2.4.4 p15
Commerce
Version 2.4.4 p1
Commerce
Version 2.4.4 p2
Commerce
Version 2.4.4 p3
Commerce
Version 2.4.4 p4
Commerce
Version 2.4.4 p5
Commerce
Version 2.4.4 p6
Commerce
Version 2.4.4 p7
Commerce
Version 2.4.4 p8
Commerce
Version 2.4.4 p9
Commerce
Version 2.4.5
Commerce
Version 2.4.5 p10
Commerce
Version 2.4.5 p11
Commerce
Version 2.4.5 p12
Commerce
Version 2.4.5 p13
Commerce
Version 2.4.5 p14
Commerce
Version 2.4.5 p1
Commerce
Version 2.4.5 p2
Commerce
Version 2.4.5 p3
Commerce
Version 2.4.5 p4
Commerce
Version 2.4.5 p5
Commerce
Version 2.4.5 p6
Commerce
Version 2.4.5 p7
Commerce
Version 2.4.5 p8
Commerce
Version 2.4.5 p9
Commerce
Version 2.4.6
Commerce
Version 2.4.6 p10
Commerce
Version 2.4.6 p11
Commerce
Version 2.4.6 p12
Commerce
Version 2.4.6 p1
Commerce
Version 2.4.6 p2
Commerce
Version 2.4.6 p3
Commerce
Version 2.4.6 p4
Commerce
Version 2.4.6 p5
Commerce
Version 2.4.6 p6
Commerce
Version 2.4.6 p7
Commerce
Version 2.4.6 p8
Commerce
Version 2.4.6 p9
Commerce
Version 2.4.7
Commerce
Version 2.4.7 b1
Commerce
Version 2.4.7 b2
Commerce
Version 2.4.7 beta3
Commerce
Version 2.4.7 p1
Commerce
Version 2.4.7 p2
Commerce
Version 2.4.7 p3
Commerce
Version 2.4.7 p4
Commerce
Version 2.4.7 p5
Commerce
Version 2.4.7 p6
Commerce
Version 2.4.7 p7
Commerce
Version 2.4.8
Commerce
Version 2.4.8 beta1
Commerce
Version 2.4.8 beta2
Commerce
Version 2.4.8 p1
Commerce
Version 2.4.8 p2
Commerce
Version 2.4.9 alpha1
Commerce
Version 2.4.9 alpha2
Configuration B
57 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Commerce B2b
Version 1.3.3
Commerce B2b
Version 1.3.3 p10
Commerce B2b
Version 1.3.3 p11
Commerce B2b
Version 1.3.3 p12
Commerce B2b
Version 1.3.3 p13
Commerce B2b
Version 1.3.3 p14
Commerce B2b
Version 1.3.3 p15
Commerce B2b
Version 1.3.3 p1
Commerce B2b
Version 1.3.3 p2
Commerce B2b
Version 1.3.3 p3
Commerce B2b
Version 1.3.3 p4
Commerce B2b
Version 1.3.3 p5
Commerce B2b
Version 1.3.3 p6
Commerce B2b
Version 1.3.3 p7
Commerce B2b
Version 1.3.3 p8
Commerce B2b
Version 1.3.3 p9
Commerce B2b
Version 1.3.4
Commerce B2b
Version 1.3.4 p10
Commerce B2b
Version 1.3.4 p11
Commerce B2b
Version 1.3.4 p12
Commerce B2b
Version 1.3.4 p13
Commerce B2b
Version 1.3.4 p14
Commerce B2b
Version 1.3.4 p1
Commerce B2b
Version 1.3.4 p2
Commerce B2b
Version 1.3.4 p3
Commerce B2b
Version 1.3.4 p4
Commerce B2b
Version 1.3.4 p5
Commerce B2b
Version 1.3.4 p6
Commerce B2b
Version 1.3.4 p7
Commerce B2b
Version 1.3.4 p8
Commerce B2b
Version 1.3.4 p9
Commerce B2b
Version 1.3.5
Commerce B2b
Version 1.3.5 p10
Commerce B2b
Version 1.3.5 p11
Commerce B2b
Version 1.3.5 p12
Commerce B2b
Version 1.3.5 p1
Commerce B2b
Version 1.3.5 p2
Commerce B2b
Version 1.3.5 p3
Commerce B2b
Version 1.3.5 p4
Commerce B2b
Version 1.3.5 p5
Commerce B2b
Version 1.3.5 p6
Commerce B2b
Version 1.3.5 p7
Commerce B2b
Version 1.3.5 p8
Commerce B2b
Version 1.3.5 p9
Commerce B2b
Version 1.4.2
Commerce B2b
Version 1.4.2 p1
Commerce B2b
Version 1.4.2 p2
Commerce B2b
Version 1.4.2 p3
Commerce B2b
Version 1.4.2 p4
Commerce B2b
Version 1.4.2 p5
Commerce B2b
Version 1.4.2 p6
Commerce B2b
Version 1.4.2 p7
Commerce B2b
Version 1.5.2
Commerce B2b
Version 1.5.2 p1
Commerce B2b
Version 1.5.2 p2
Commerce B2b
Version 1.5.3 alpha1
Commerce B2b
Version 1.5.3 alpha2
Configuration C
31 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Magento
Version 2.4.6
Magento
Version 2.4.6 p10
Magento
Version 2.4.6 p11
Magento
Version 2.4.6 p12
Magento
Version 2.4.6 p1
Magento
Version 2.4.6 p2
Magento
Version 2.4.6 p3
Magento
Version 2.4.6 p4
Magento
Version 2.4.6 p5
Magento
Version 2.4.6 p6
Magento
Version 2.4.6 p7
Magento
Version 2.4.6 p8
Magento
Version 2.4.6 p9
Magento
Version 2.4.7
Magento
Version 2.4.7 b1
Magento
Version 2.4.7 b2
Magento
Version 2.4.7 beta3
Magento
Version 2.4.7 p1
Magento
Version 2.4.7 p2
Magento
Version 2.4.7 p3
Magento
Version 2.4.7 p4
Magento
Version 2.4.7 p5
Magento
Version 2.4.7 p6
Magento
Version 2.4.7 p7
Magento
Version 2.4.8
Magento
Version 2.4.8 beta1
Magento
Version 2.4.8 beta2
Magento
Version 2.4.8 p1
Magento
Version 2.4.8 p2
Magento
Version 2.4.9 alpha1
Magento
Version 2.4.9 alpha2

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

Source: psirt@adobe.com
Vendor Advisory

Timeline

No history available yet.