CNNVD-202510-1746 Information

CNNVD ID

CNNVD-202510-1746

Related CVE

CVE-2025-54264

• CNNVD Published: 2025-10-14

Description (Chinese)

Adobe Commerce是美国奥多比（Adobe）公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce 2.4.9-alpha2版本、2.4.8-p2版本、2.4.7-p7版本、2.4.6-p12版本、2.4.5-p14版本和2.4.4-p15及之前版本存在跨站脚本漏洞，该漏洞源于存储型跨站脚本漏洞，可能导致高权限攻击者在易受攻击的表单字段中注入恶意脚本。

Description (English)

Adobe Commerce is the leading global digital business solution for both business and brands in Adobe, United States. Adobe Common 2.4.9-alpha2 version, 2.4.8-p2 version, 2.4.7-p7 version, 2.4.6-p12 version, 2.4.5-p14 version and 2.4.4-p15 and previous versions have cross-site script loopholes, which originate from storage-type cross-site scripts and may lead to the insertion of malicious scripts by high-authority attackers in vulnerable form fields.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

奥多比

Published

2025-10-14

Last Modified

2026-02-24

References

https://helpx.adobe.com/security/products/magento/apsb25-94.html

Patch

https://helpx.adobe.com/security/products/magento/apsb25-94.html