2 matches found
EUVD-2026-43115
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...
CVE-2026-10769
CVE-2026-10769 describes an Stored XSS in Drupal Commerce Core due to improper neutralization of input during web page generation. Affected versions are Commerce Core 3.3.0 through 3.3.6. Multiple connected sources (NVD/NVD entry, CVE listing, DRUPAL-SA-CONTRIB-2026-041 and OSV entry) corroborate...