Vulnerability-Lookup

CVE-2025-54264 (GCVE-0-2025-54264)

Vulnerability from cvelistv5 – Published: 2025-10-14 20:27 – Updated: 2026-02-26 16:57

Title

Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Summary

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)

Assigner

adobe

References

URL

	Vendor	Product	Version
	Adobe	Adobe Commerce	Affected: 0 , ≤ 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 (semver)

FKIE_CVE-2025-54264

Vulnerability from fkie_nvd - Published: 2025-10-14 21:15 - Updated: 2025-10-20 13:47

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Summary

References

	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-94.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce	2.4.9
adobe	commerce	2.4.9
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.3.5
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.3
adobe	commerce_b2b	1.5.3
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.9
adobe	magento	2.4.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*",
              "matchCriteriaId": "8412C043-64E7-4DFF-A303-13A6FE113BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*",
              "matchCriteriaId": "BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6423C754-36F9-4680-9211-60940ED63E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*",
              "matchCriteriaId": "3472064A-8C79-436B-965A-96834AE8D346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*",
              "matchCriteriaId": "47A86566-DE38-4032-947D-B6181F0BC120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*",
              "matchCriteriaId": "13726DEE-FFCB-447B-9FFF-136F132F2C4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*",
              "matchCriteriaId": "1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C9E12B43-AD3E-48A2-9042-5586186CA3BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*",
              "matchCriteriaId": "C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*",
              "matchCriteriaId": "B4947C63-CFD9-437B-A09E-A197DCE40095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.9:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "37F32F70-7B2A-4BAB-B3F0-AFF5C04CCDED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.9:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "8B6B7609-6A8E-4154-BC05-2A9099909684",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E396FB4F-B20A-4BF9-8FBD-014A0F197F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*",
              "matchCriteriaId": "F9258027-8A6A-4C6A-BC6F-349B6E03D828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*",
              "matchCriteriaId": "934C52C7-8751-481E-BAA7-F631C4E31F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "5677B7E2-FA07-4536-96A9-2C64BEFD3751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "2DCD1522-6E27-474F-9FC6-413409D6AD55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "B7968FCA-CCFD-4222-8FB8-E6E21107944F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8C175A1F-7814-4C51-A7B7-AD5140F0688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E66CBFB3-40C3-474A-A3A3-12135F610814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*",
              "matchCriteriaId": "F51DFA17-1875-41A9-B141-D89BB6238B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4D10EF-9137-4DF5-A5DD-97907E8B4C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0DC76-7181-4954-A59E-AB7BB47D0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "374E7EDD-512A-4633-A136-01A656935334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "EB9955CA-7E7B-40D3-A85D-58BB0D9AC897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*",
              "matchCriteriaId": "5D0A17AC-D433-47C2-A1AC-88291DCCECCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "0E9D364A-C858-4160-8B8B-33ECF94796D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "61559E50-581E-40FF-9FD4-10192ECFCD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DE3BFB41-5633-4167-B1EA-9E958BCE9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "F2C525D2-837D-486A-8B38-5634AE2ECE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6F220229-F2DF-4C9D-90A6-8B09F8BE3391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "63AB9506-3F8E-4C2E-A859-2380431C15A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "51B76658-EA6B-4AC9-9D9C-374C5308D069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E888424C-B9F2-4AE7-A77A-39F34143548F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "6CFD1C81-A05D-4E92-9BF5-244021808C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "0ADE4696-7DAE-45F3-9161-04AF9FB8DAB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "CE97B86B-32CE-4E7F-BA98-C1059BF7BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41CEF959-997F-47C9-8186-D4D56C6F4D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "A83DCE0F-E201-4753-9164-F01D46172248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8CFAABD7-7658-4A32-B5E3-13F6214BABCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "CE880F0B-EC8C-429B-9257-E6F890872F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "500E3A54-D7C7-4887-9EA6-7DF85389A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*",
              "matchCriteriaId": "ED6FFC1D-E921-4FF7-9928-015630613FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "79CBDF59-EB84-44D3-81CF-5CBF943B411E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "2117B163-D88E-4EB4-AEA7-F27FB732BD48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "508EE0EF-D54A-4834-84AB-FFC62040FDAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4D7C6592-33B0-4586-8178-E8F4EB837B7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE724531-422D-4ABB-98F5-2C0B1BBEF031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "BB499397-0E40-45B0-A7E9-BEFCC909DD07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "082F8B60-ECC5-4C55-BBFE-A0C8A3E95590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "A7B83AD4-3134-414A-80E3-106C3C0F975A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*",
              "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "524F64B6-F7F7-4926-884F-E9448636007C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "9F56F919-69B6-4A77-B8CE-F13409542F14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*",
              "matchCriteriaId": "E34849F7-54EE-4E4C-9184-3DE9C30E12AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.9:alpha2:*:*:open_source:*:*:*",
              "matchCriteriaId": "4E21DFF0-9F15-44D2-B78A-097BF3ACD752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed."
    }
  ],
  "id": "CVE-2025-54264",
  "lastModified": "2025-10-20T13:47:24.190",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 5.8,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-14T21:15:35.077",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    }
  ]
}

CNVD-2025-24163

Vulnerability from cnvd - Published: 2025-10-17

Title

Adobe Commerce跨站脚本漏洞（CNVD-2025-24163）

Description

Adobe Commerce是美国奥多比（Adobe）公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce存在跨站脚本漏洞，该漏洞源于应用对用户提供的数据缺乏有效过滤与转义，攻击者可利用该漏洞通过注入精心设计的有效载荷执行任意Web脚本或HTML。

Severity

高

Patch Name

Adobe Commerce跨站脚本漏洞（CNVD-2025-24163）的补丁

Patch Description

Adobe Commerce是美国奥多比（Adobe）公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce存在跨站脚本漏洞，该漏洞源于应用对用户提供的数据缺乏有效过滤与转义，攻击者可利用该漏洞通过注入精心设计的有效载荷执行任意Web脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://helpx.adobe.com/security/products/magento/apsb25-94.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-54264

Impacted products

Name
['Adobe Adobe Commerce <=2.4.9-alpha2', 'Adobe Adobe Commerce <=2.4.8-p2', 'Adobe Adobe Commerce <=2.4.7-p7', 'Adobe Adobe Commerce <=2.4.6-p12', 'Adobe Adobe Commerce <=2.4.5-p14', 'Adobe Adobe Commerce <=2.4.4-p15']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-54264",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264"
    }
  },
  "description": "Adobe Commerce\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u79cd\u9762\u5411\u5546\u5bb6\u548c\u54c1\u724c\u7684\u5168\u7403\u9886\u5148\u7684\u6570\u5b57\u5546\u52a1\u89e3\u51b3\u65b9\u6848\u3002\n\nAdobe Commerce\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u6709\u6548\u8fc7\u6ee4\u4e0e\u8f6c\u4e49\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6ce8\u5165\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u6709\u6548\u8f7d\u8377\u6267\u884c\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/magento/apsb25-94.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-24163",
  "openTime": "2025-10-17",
  "patchDescription": "Adobe Commerce\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u79cd\u9762\u5411\u5546\u5bb6\u548c\u54c1\u724c\u7684\u5168\u7403\u9886\u5148\u7684\u6570\u5b57\u5546\u52a1\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nAdobe Commerce\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u6709\u6548\u8fc7\u6ee4\u4e0e\u8f6c\u4e49\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6ce8\u5165\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u6709\u6548\u8f7d\u8377\u6267\u884c\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Commerce\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2025-24163\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Adobe Commerce \u003c=2.4.9-alpha2",
      "Adobe Adobe Commerce \u003c=2.4.8-p2",
      "Adobe Adobe Commerce \u003c=2.4.7-p7",
      "Adobe Adobe Commerce \u003c=2.4.6-p12",
      "Adobe Adobe Commerce \u003c=2.4.5-p14",
      "Adobe Adobe Commerce \u003c=2.4.4-p15"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264",
  "serverity": "\u9ad8",
  "submitTime": "2025-10-17",
  "title": "Adobe Commerce\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2025-24163\uff09"
}

CERTFR-2025-AVI-0876

Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15

De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Adobe	Magento	Adobe Commerce versions 2.4.9-x antérieures à 2.4.9-alpha3
Adobe	Magento	Magento Open Source versions 2.4.8-x antérieures à 2.4.8-p3
Adobe	Magento	Magento Open Source versions 2.4.6-x antérieures à 2.4.6-p13
Adobe	Commerce	Adobe Commerce versions 2.4.7-x antérieures à 2.4.7-p8
Adobe	Commerce	Adobe Commerce versions 2.4.5-x antérieures à 2.4.5-p15
Adobe	Commerce	Adobe Commerce B2B versions 1.5.2-x antérieures à 1.5.2-p3
Adobe	Commerce	Adobe Commerce versions 2.4.6-x antérieures à 2.4.6-p13
Adobe	Commerce	Adobe Commerce B2B versions 1.5.3-x antérieures à 1.5.3-alpha3
Adobe	Commerce	Adobe Commerce B2B versions 1.3.3-x antérieures à 1.3.3-p16
Adobe	Commerce	Adobe Commerce versions 2.4.9-x antérieures à 2.4.9-alpha3
Adobe	Commerce	Adobe Commerce versions antérieures à 2.4.4-p16
Adobe	Commerce	Adobe Commerce versions 2.4.8-x antérieures à 2.4.8-p3
Adobe	Magento	Magento Open Source versions 2.4.7-x antérieures à 2.4.7-p8
Adobe	Commerce	Adobe Commerce B2B versions 1.4.2-x antérieures à 1.4.2-p8
Adobe	Commerce	Adobe Commerce B2B versions 1.3.4-x antérieures à 1.3.4-p13
Adobe	Magento	Adobe Commerce versions antérieures à 2.4.5-p15

References

Title

Publication Time

GHSA-2768-5WMV-CFFF

Vulnerability from github – Published: 2025-10-14 21:30 – Updated: 2025-10-21 21:04

Summary

Magento vulnerable to stored Cross-Site Scripting (XSS)

Details

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.

Severity ?

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/project-community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.9-alpha1"
            },
            {
              "fixed": "2.4.9-alpha3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.8-beta1"
            },
            {
              "fixed": "2.4.8-p3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.7-beta1"
            },
            {
              "fixed": "2.4.7-p8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.6-p13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.8"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.7"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.6"
      ]
    }
  ],
  "aliases": [
    "CVE-2025-54264"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-21T21:04:38Z",
    "nvd_published_at": "2025-10-14T21:15:35Z",
    "severity": "HIGH"
  },
  "details": "Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.",
  "id": "GHSA-2768-5wmv-cfff",
  "modified": "2025-10-21T21:04:38Z",
  "published": "2025-10-14T21:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/magento/magento2"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Magento vulnerable to stored Cross-Site Scripting (XSS)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-54264 (GCVE-0-2025-54264)

FKIE_CVE-2025-54264

CNVD-2025-24163

CERTFR-2025-AVI-0876

Solutions

GHSA-2768-5WMV-CFFF

Tags

Sightings

Nomenclature