216.73.216.133

CVE-2025-24416

· Published 11/02/2025 18:15 · Modified 05/03/2025 18:35

Labels: CVE-2025-24416 2025-02-11CVE-2025-24416CWE-79[email protected]

Essential information

Published
11/02/2025 18:15
Modified
05/03/2025 18:35
Author
Creator
CVSS
8.7 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CVSS metrics

Description

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
adobe / commerce cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*
adobe / commerce b2b cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*
adobe / magento cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*

References