CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

ATTACKERKB•added 2026/03/10 8:1 p.m.•2 views

CVE-2026-29177

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...

4.8CVSS5.8AI score0.00014EPSS

Exploits1References3Affected Software1

CVE•added 2026/03/10 8:1 p.m.•3 views

CVE-2026-29177

Summary of vulnerability (CVE-2026-29177) : Craft Commerce for Craft CMS has a stored XSS flaw in the Order Details slideout. User-supplied input in fields such as the Shipping Method Name, Order Reference, or Site Name can inject JavaScript that executes when a user opens the order details via d...

5.4CVSS5.8AI score0.00014EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/10 8:1 p.m.•3 views

CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout

4.8CVSS5.8AI score0.00014EPSS

Exploits1References2

Cvelist•added 2026/03/10 8:1 p.m.•24 views

CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout

4.8CVSS0.00014EPSS

Exploits1References2

OSV•added 2026/03/10 8:1 p.m.•3 views

CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout

4.8CVSS5.8AI score0.00014EPSS

Exploits1References4

OSV•added 2026/03/10 6:24 p.m.•2 views

GHSA-MJ32-R678-7MVP Craft Commerce has stored XSS in Craft Commerce Order Details Slideout

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the order details slideout via a double-click on the order index page, the inject...

4.8CVSS5.8AI score0.00014EPSS

Exploits1References4

Github Security Blog•added 2026/03/10 6:24 p.m.•3 views

Craft Commerce has stored XSS in Craft Commerce Order Details Slideout

5.4CVSS5.8AI score0.00014EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/03/10 12:0 a.m.•1 views

PT-2026-24629

4.8CVSS5.8AI score

Exploits0References4

Positive Technologies•added 2026/03/10 12:0 a.m.•2 views

PT-2026-24419

4.8CVSS5.8AI score0.00014EPSS

Exploits1References3

CNNVD•added 2026/03/10 12:0 a.m.•2 views

Craft Commerce 跨站脚本漏洞

Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions prior to 4.10.2 and 5.5.3 of Craft Commerce contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filtering of the Shipping Method Name, Order Reference, or Si...

5.4CVSS5.7AI score0.00014EPSS

Exploits1References2

Positive Technologies•added 2025/12/06 12:0 a.m.•2 views

PT-2025-49345

The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated...

5.3CVSS6AI score0.00106EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by