Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HAdobe Commerce
APPAdobe2.4.42.4.5< 2.4.4Adobe Magento Open Source
APPAdobe2.4.42.4.5< 2.4.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEXSS
CWE
Related vulnerabilities
CVE-2025-54236CRITICAL9.1⚠ KEVPL ✓ten sam produkt
Adobe Commerce/Magento — przejęcie sesji przez Improper Input Validation
CVE-2024-34102CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Krytyczna podatność XXE w Adobe Commerce umożliwiająca RCE
CVE-2022-24086CRITICAL9.8⚠ KEVten sam produkt
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input va...
CVE-2025-24434CRITICAL9.1PL ✓ten sam produkt
Adobe Commerce — Incorrect Authorization umożliwiające privilege escalation
CVE-2024-45115CRITICAL9.8PL ✓ten sam produkt
Adobe Commerce — nieprawidłowe uwierzytelnienie umożliwiające privilege escalation