CVE-2025-47110

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

8.4HIGH

EPSS

0.7%

top 27.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Magento Community-edition Adobe Adobe Commerce Adobe Commerce +2 more

Timeline

PublishedJun 10

Description

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 1.7 | Impact: 6.0

Affected Packages5 packages

▶CVEListV5adobe/adobe_commerce2.4.4-p13

▶NVDadobe/commerce5 versions+4

▶NVDadobe/commerce_b2b5 versions+4

▶NVDadobe/magento4 versions+3

▶Packagistmagento/community-edition2.4.8-beta1 — 2.4.8-p1+3

🔴Vulnerability Details

OSV

Magneto contains stored XSS vulnerability↗2025-06-10

▶

CVEList

Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)↗2025-06-10

▶

GHSA

Magneto contains stored XSS vulnerability↗2025-06-10

▶