CVE-2025-47110

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.4 through 2.4.8

Description A stored Cross-Site Scripting (XSS) vulnerability could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. This issue affects Adobe Commerce and allows an attacker to inject code into vulnerable forms and execute it in the victim's browser.

Recommendations For Adobe Commerce versions 2.4.4 through 2.4.8, update to a version that includes the security patches for the stored XSS vulnerability. As a temporary workaround, consider restricting access to vulnerable form fields until a patch is available. Avoid using vulnerable email template processing until the issue is resolved.