PT-2026-40402 · Adobe · Commerce

Michele

+1

·

Published

2026-05-12

·

Updated

2026-05-12

·

CVE-2026-34658

CVSS v2.0

5.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Adobe Commerce versions prior to 2.4.9-beta1
Description A stored Cross-Site Scripting (XSS) issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts execute in the browser of a victim who visits the page containing the affected field.
Recommendations Update to a version newer than 2.4.9-beta1.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2026-06650
CVE-2026-34658

Affected Products

Commerce