Such malicious JavaScript code — which is potentially targeted at exfiltrating the credentials of Cisco employees who usually use the site during the checkout process — may have been deployed through the exploitation of the critical XML external entity injection vulnerability in Adobe Commerce dubbed "CosmicSting."
Article Link: Malicious JavaScript facilitates Cisco store customer info theft | SC Media