CVE-2025-24428
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Vendor
Product
CWE
Yayın Tarihi
2025-02-11 18:15:45
Güncelleme
2025-03-03 15:51:40
Source Identifier
psirt@adobe.com
KEV Date Added
-