19 matches found

RedhatCVE
added 2026/03/26 3:11 p.m. | 2 views

CVE-2026-29176

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, a stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...

4.8 CVSS | 6.1 AI score | 0.0001 EPSS
Exploits: 0 | References: 1

NVD
added 2026/03/10 8:16 p.m. | 2 views

CVE-2026-29176

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, a stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...

4.8 CVSS | 0.0001 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/03/10 7:59 p.m. | 1 view

EUVD-2026-10821

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, a stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...

4.8 CVSS | 6 AI score | 0.0001 EPSS
Exploits: 0 | References: 2

OSV
added 2026/03/10 7:59 p.m. | 2 views

CVE-2026-29176 Craft Commerce has Stored XSS in Inventory Location Name

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, a stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...

4.8 CVSS | 6 AI score | 0.0001 EPSS
Exploits: 0 | References: 4

CVE
added 2026/03/10 7:59 p.m. | 3 views

CVE-2026-29176

CVE-2026-29176 affects Craft Commerce (Craft CMS). A stored XSS exists in the Commerce Settings – Inventory Locations page where the Name field is not properly HTML-escaped. The vulnerability is triggered when an administrator (or a user with product-editing permissions) creates or edits a varian...

4.8 CVSS | 6 AI score | 0.0001 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Snyk
added 2026/03/10 6:23 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: craftcms/commerce is a Craft Commerce. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the rendering process of the Name field in the inventory locations table. An attacker can execute arbitrary JavaScript code by injecting malicious payloads into the Name...

4.8 CVSS | 5.7 AI score | 0.0001 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/10 6:23 p.m. | 2 views

Craft Commerce has stored XSS in Inventory Location Name

Summary: A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...

4.8 CVSS | 6 AI score | 0.0001 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/03/10 6:23 p.m. | 0 views

GHSA-WJ89-2385-GPX3 Craft Commerce has stored XSS in Inventory Location Name

Summary: A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...

4.8 CVSS | 6 AI score | 0.0001 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/03/10 12:0 a.m. | 2 views

Craft Commerce Cross-Site Scripting Vulnerability

Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions of Craft Commerce prior to 5.5.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper HTML escaping during the rendering of the Name field on the Commerce...

4.8 CVSS | 5.7 AI score | 0.0001 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/10 12:0 a.m. | 2 views

PT-2026-24418

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, a stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...

4.8 CVSS | 6 AI score | 0.0001 EPSS
Exploits: 0 | References: 3

Veracode
added 2026/02/09 8:7 p.m. | 2 views

Cross-site Scripting (XSS)

craftcms/commerce is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the “Address Line 1” field in Inventory Locations, which allows an attacker to store and execute malicious JavaScript in an administrator’s browser via the admin panel...

6.3 CVSS | 5.5 AI score | 0.00012 EPSS
Exploits: 1 | References: 4 | Affected Software: 3

RedhatCVE
added 2026/02/04 7:36 p.m. | 2 views

CVE-2026-25490

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in...

6.1 CVSS | 5.5 AI score | 0.00021 EPSS
Exploits: 1 | References: 1

NVD
added 2026/02/03 7:16 p.m. | 3 views

CVE-2026-25490

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in...

6.1 CVSS | 0.00021 EPSS
Exploits: 1 | References: 4

EUVD
added 2026/02/03 6:9 p.m. | 2 views

EUVD-2026-5179

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in...

6.1 CVSS | 5.5 AI score | 0.00021 EPSS
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/03 6:9 p.m. | 2 views

CVE-2026-25490

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in...

6.1 CVSS | 5.5 AI score | 0.00021 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Github Security Blog
added 2026/02/02 11:2 p.m. | 3 views

Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation

Summary: A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in Inventory Locations is not properly sanitized before being displayed in the admin panel. Proof of Concept: Required...

6.1 CVSS | 5.7 AI score | 0.00021 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Snyk
added 2026/02/02 11:2 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: craftcms/commerce is a Craft Commerce. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper sanitization of the Address Line 1 field in inventory locations. An attacker can execute arbitrary JavaScript in an administrator's browser by submitting crafte...

6.1 CVSS | 5.6 AI score | 0.00021 EPSS
Exploits: 1 | References: 2

OSV
added 2026/02/02 11:2 p.m. | 1 view

GHSA-WQ2M-R96Q-CRRF Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation

Summary: A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in Inventory Locations is not properly sanitized before being displayed in the admin panel. Proof of Concept: Required...

6.1 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits: 1 | References: 6

Positive Technologies
added 2026/02/02 12:0 a.m. | 1 view

PT-2026-5750

Name of the Vulnerable Software and Affected Versions: Craft Commerce versions 4.0.0-RC1 through 4.10.0; Craft Commerce versions 5.0.0 through 5.5.1. Description: Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting (XSS) issue. The issue stems from insufficient...

6.1 CVSS | 5.1 AI score | 0.00021 EPSS
Exploits: 1 | References: 9