EUVD-2025-3695

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Magento Stored Cross-Site Scripting vulnerability identified for EUVD-2025-3695

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2025-24414	11 Feb 202518:15	–	attackerkb
BDU FSTEC	The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in the lack of protective measures for website structures, allowing attackers to perform cross-site scripting attacks (XSS).	13 Feb 202500:00	–	bdu_fstec
Circl	CVE-2025-24414	11 Feb 202518:19	–	circl
CNNVD	Adobe Commerce 跨站脚本漏洞	11 Feb 202500:00	–	cnnvd
CNVD	Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2025-05707)	17 Feb 202500:00	–	cnvd
CVE	CVE-2025-24414	11 Feb 202517:37	–	cve
Cvelist	CVE-2025-24414 Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79)	11 Feb 202517:37	–	cvelist
Github Security Blog	Magento Stored Cross-Site Scripting (XSS) Vulnerability	11 Feb 202518:31	–	github
NCSC	Vulnerabilities fixed in Adobe Commerce and Magento	13 Feb 202506:46	–	ncsc
NVD	CVE-2025-24414	11 Feb 202518:15	–	nvd

[
  {
    "enisaIdVendor": [
      {
        "id": "83d38d5f-e139-3dab-b9f2-81822079fd22",
        "vendor": {
          "name": "Adobe"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0e8ad185-2466-3fc0-a8ed-5d21c0265707",
        "product": {
          "name": "Adobe Commerce"
        },
        "product_version": "0 ≤2.4.4-p11"
      },
      {
        "id": "5148ac36-89b2-3189-b857-7fc304253704",
        "product": {
          "name": "Adobe Commerce"
        },
        "product_version": "0 ≤2.4.8-beta1"
      }
    ]
  }
]

Source	Link
helpx	www.helpx.adobe.com/security/products/magento/apsb25-08.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-24414
github	www.github.com/magento/magento2

03 Oct 2025 20:07Current

8.3High risk

Vulners AI Score8.3

CVSS 3.18.7

EPSS0.01321

SSVC