CVE-2026-21291

Medium CVSS: 4.8

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.

Vendor

Adobe

Product

Commerce B2b

CWE

CWE-79

Yayın Tarihi

2026-03-11 03:15:53

Güncelleme

2026-03-11 18:21:44

Source Identifier

psirt@adobe.com

KEV Date Added

Kategoriler

CWE-79 Commerce B2b MEDIUM Adobe 2026

Referanslar

https://helpx.adobe.com/security/products/magento/apsb26-05.html

Benzer Kayıtlar

High

CVE-2026-27309

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbi…

High

CVE-2026-21361

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a…

Medium

CVE-2026-21360

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an…

Medium

CVE-2026-21359

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an…

High

CVE-2026-21311

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a…

Medium

CVE-2026-21310

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an…