CNNVD-202510-1719 Information

Oct 14, 2025 cve

CNNVD ID

CNNVD-202510-1719

CVE-2025-54266

  • CNNVD Published: 2025-10-14

Description (Chinese)

Adobe Commerce是美国奥多比(Adobe)公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce 2.4.9-alpha2版本、2.4.8-p2版本、2.4.7-p7版本、2.4.6-p12版本、2.4.5-p14版本、2.4.4-p15版本及之前版本存在跨站脚本漏洞,该漏洞源于高权限攻击者可向易受攻击的表单字段注入恶意脚本,可能导致存储型跨站脚本攻击。

Description (English)

Adobe Commerce is the leading global digital business solution for both business and brands in Adobe, United States. Adobe Common 2.4.9-alpha2 version, 2.4.8-p2 version, 2.4.7-p7 version, 2.4.6-p12 version, 2.4.5-p14 version, 2.4.4-p15 version and previous versions have cross-site script holes, which stem from the fact that high-authority attackers can inject malicious scripts into vulnerable table fields, which may lead to storage-type cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

奥多比

Published

2025-10-14

Last Modified

2026-02-24

References

https://helpx.adobe.com/security/products/magento/apsb25-94.html

Patch

https://helpx.adobe.com/security/products/magento/apsb25-94.html

Share on: