8.7

CVE-2026-34686

Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeCommerce Version2.4.4 Updatep1
AdobeCommerce Version2.4.4 Updatep10
AdobeCommerce Version2.4.4 Updatep11
AdobeCommerce Version2.4.4 Updatep12
AdobeCommerce Version2.4.4 Updatep13
AdobeCommerce Version2.4.4 Updatep14
AdobeCommerce Version2.4.4 Updatep15
AdobeCommerce Version2.4.4 Updatep16
AdobeCommerce Version2.4.4 Updatep17
AdobeCommerce Version2.4.4 Updatep2
AdobeCommerce Version2.4.4 Updatep3
AdobeCommerce Version2.4.4 Updatep4
AdobeCommerce Version2.4.4 Updatep5
AdobeCommerce Version2.4.4 Updatep6
AdobeCommerce Version2.4.4 Updatep7
AdobeCommerce Version2.4.4 Updatep8
AdobeCommerce Version2.4.4 Updatep9
AdobeCommerce Version2.4.5 Updatep1
AdobeCommerce Version2.4.5 Updatep10
AdobeCommerce Version2.4.5 Updatep11
AdobeCommerce Version2.4.5 Updatep12
AdobeCommerce Version2.4.5 Updatep13
AdobeCommerce Version2.4.5 Updatep14
AdobeCommerce Version2.4.5 Updatep15
AdobeCommerce Version2.4.5 Updatep16
AdobeCommerce Version2.4.5 Updatep2
AdobeCommerce Version2.4.5 Updatep3
AdobeCommerce Version2.4.5 Updatep4
AdobeCommerce Version2.4.5 Updatep5
AdobeCommerce Version2.4.5 Updatep6
AdobeCommerce Version2.4.5 Updatep7
AdobeCommerce Version2.4.5 Updatep8
AdobeCommerce Version2.4.5 Updatep9
AdobeCommerce Version2.4.6 Updatep1
AdobeCommerce Version2.4.6 Updatep10
AdobeCommerce Version2.4.6 Updatep11
AdobeCommerce Version2.4.6 Updatep12
AdobeCommerce Version2.4.6 Updatep13
AdobeCommerce Version2.4.6 Updatep14
AdobeCommerce Version2.4.6 Updatep2
AdobeCommerce Version2.4.6 Updatep3
AdobeCommerce Version2.4.6 Updatep4
AdobeCommerce Version2.4.6 Updatep5
AdobeCommerce Version2.4.6 Updatep6
AdobeCommerce Version2.4.6 Updatep7
AdobeCommerce Version2.4.6 Updatep8
AdobeCommerce Version2.4.6 Updatep9
AdobeCommerce Version2.4.7 Updateb1
AdobeCommerce Version2.4.7 Updateb2
AdobeCommerce Version2.4.7 Updatebeta3
AdobeCommerce Version2.4.7 Updatep1
AdobeCommerce Version2.4.7 Updatep2
AdobeCommerce Version2.4.7 Updatep3
AdobeCommerce Version2.4.7 Updatep4
AdobeCommerce Version2.4.7 Updatep5
AdobeCommerce Version2.4.7 Updatep6
AdobeCommerce Version2.4.7 Updatep7
AdobeCommerce Version2.4.7 Updatep8
AdobeCommerce Version2.4.7 Updatep9
AdobeCommerce Version2.4.8
AdobeCommerce Version2.4.8 Updatebeta1
AdobeCommerce Version2.4.8 Updatebeta2
AdobeCommerce Version2.4.8 Updatep1
AdobeCommerce Version2.4.8 Updatep2
AdobeCommerce Version2.4.8 Updatep3
AdobeCommerce Version2.4.8 Updatep4
AdobeCommerce Version2.4.9 Updatebeta1
AdobeCommerce B2b Version1.3.3 Update-
AdobeCommerce B2b Version1.3.3 Updatep1
AdobeCommerce B2b Version1.3.3 Updatep10
AdobeCommerce B2b Version1.3.3 Updatep11
AdobeCommerce B2b Version1.3.3 Updatep12
AdobeCommerce B2b Version1.3.3 Updatep13
AdobeCommerce B2b Version1.3.3 Updatep14
AdobeCommerce B2b Version1.3.3 Updatep15
AdobeCommerce B2b Version1.3.3 Updatep16
AdobeCommerce B2b Version1.3.3 Updatep17
AdobeCommerce B2b Version1.3.3 Updatep2
AdobeCommerce B2b Version1.3.3 Updatep3
AdobeCommerce B2b Version1.3.3 Updatep4
AdobeCommerce B2b Version1.3.3 Updatep5
AdobeCommerce B2b Version1.3.3 Updatep6
AdobeCommerce B2b Version1.3.3 Updatep7
AdobeCommerce B2b Version1.3.3 Updatep8
AdobeCommerce B2b Version1.3.3 Updatep9
AdobeCommerce B2b Version1.3.4 Update-
AdobeCommerce B2b Version1.3.4 Updatep1
AdobeCommerce B2b Version1.3.4 Updatep10
AdobeCommerce B2b Version1.3.4 Updatep11
AdobeCommerce B2b Version1.3.4 Updatep12
AdobeCommerce B2b Version1.3.4 Updatep13
AdobeCommerce B2b Version1.3.4 Updatep14
AdobeCommerce B2b Version1.3.4 Updatep15
AdobeCommerce B2b Version1.3.4 Updatep16
AdobeCommerce B2b Version1.3.4 Updatep2
AdobeCommerce B2b Version1.3.4 Updatep3
AdobeCommerce B2b Version1.3.4 Updatep4
AdobeCommerce B2b Version1.3.4 Updatep5
AdobeCommerce B2b Version1.3.4 Updatep6
AdobeCommerce B2b Version1.3.4 Updatep7
AdobeCommerce B2b Version1.3.4 Updatep8
AdobeCommerce B2b Version1.3.4 Updatep9
AdobeCommerce B2b Version1.4.2 Update-
AdobeCommerce B2b Version1.4.2 Updatep1
AdobeCommerce B2b Version1.4.2 Updatep2
AdobeCommerce B2b Version1.4.2 Updatep3
AdobeCommerce B2b Version1.4.2 Updatep4
AdobeCommerce B2b Version1.4.2 Updatep5
AdobeCommerce B2b Version1.4.2 Updatep6
AdobeCommerce B2b Version1.4.2 Updatep7
AdobeCommerce B2b Version1.4.2 Updatep8
AdobeCommerce B2b Version1.4.2 Updatep9
AdobeCommerce B2b Version1.5.2 Update-
AdobeCommerce B2b Version1.5.2 Updatep1
AdobeCommerce B2b Version1.5.2 Updatep2
AdobeCommerce B2b Version1.5.2 Updatep3
AdobeCommerce B2b Version1.5.2 Updatep4
AdobeCommerce B2b Version1.5.3 Updatebeta1
AdobeMagento Version2.4.6 Update- SwEditionopen_source
AdobeMagento Version2.4.6 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep10 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep11 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep12 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep13 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep14 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep6 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep7 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep8 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep9 SwEditionopen_source
AdobeMagento Version2.4.7 Update- SwEditionopen_source
AdobeMagento Version2.4.7 Updateb1 SwEditionopen_source
AdobeMagento Version2.4.7 Updateb2 SwEditionopen_source
AdobeMagento Version2.4.7 Updatebeta3 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep6 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep7 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep8 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep9 SwEditionopen_source
AdobeMagento Version2.4.8 Update- SwEditionopen_source
AdobeMagento Version2.4.8 Updatebeta1 SwEditionopen_source
AdobeMagento Version2.4.8 Updatebeta2 SwEditionopen_source
AdobeMagento Version2.4.8 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.8 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.8 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.8 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.9 Updatebeta1 SwEditionopen_source
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.021
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@adobe.com 8.7 2.3 5.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.