CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

RedhatCVE•added 2026/03/26 3:18 p.m.•1 views

CVE-2026-29177

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...

5.4CVSS5.8AI score0.00014EPSS

Exploits1References1

NVD•added 2026/03/10 8:16 p.m.•1 views

CVE-2026-29177

5.4CVSS0.00014EPSS

Exploits1References2

ATTACKERKB•added 2026/03/10 8:1 p.m.•2 views

CVE-2026-29177

4.8CVSS5.8AI score0.00014EPSS

Exploits1References3Affected Software1

CVE•added 2026/03/10 8:1 p.m.•3 views

CVE-2026-29177

Summary of vulnerability (CVE-2026-29177) : Craft Commerce for Craft CMS has a stored XSS flaw in the Order Details slideout. User-supplied input in fields such as the Shipping Method Name, Order Reference, or Site Name can inject JavaScript that executes when a user opens the order details via d...

5.4CVSS5.8AI score0.00014EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/10 8:1 p.m.•3 views

CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout

4.8CVSS5.8AI score0.00014EPSS

Exploits1References2

Cvelist•added 2026/03/10 8:1 p.m.•24 views

CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout

4.8CVSS0.00014EPSS

Exploits1References2

OSV•added 2026/03/10 8:1 p.m.•3 views

CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout

4.8CVSS5.8AI score0.00014EPSS

Exploits1References4

OSV•added 2026/03/10 6:24 p.m.•2 views

GHSA-MJ32-R678-7MVP Craft Commerce has stored XSS in Craft Commerce Order Details Slideout

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the order details slideout via a double-click on the order index page, the inject...

4.8CVSS5.8AI score0.00014EPSS

Exploits1References4

Snyk•added 2026/03/10 6:24 p.m.•0 views

Cross-site Scripting (XSS)

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS in the processing of order details in the slideout interface when user-supplied input is rendered without proper sanitization in fields such as Shipping Method Name, Order...

5.4CVSS5.8AI score0.00014EPSS

Exploits1References2

Github Security Blog•added 2026/03/10 6:24 p.m.•3 views

Craft Commerce has stored XSS in Craft Commerce Order Details Slideout

5.4CVSS5.8AI score0.00014EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/03/10 12:0 a.m.•1 views

PT-2026-24629

4.8CVSS5.8AI score

Exploits0References4

Positive Technologies•added 2026/03/10 12:0 a.m.•2 views

PT-2026-24419

4.8CVSS5.8AI score0.00014EPSS

Exploits1References3

CNNVD•added 2026/03/10 12:0 a.m.•2 views

Craft Commerce 跨站脚本漏洞

Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions prior to 4.10.2 and 5.5.3 of Craft Commerce contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filtering of the Shipping Method Name, Order Reference, or Si...

5.4CVSS5.7AI score0.00014EPSS

Exploits1References2

Snyk•added 2026/02/02 10:49 p.m.•1 views

Cross-site Scripting (XSS)

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name field in the shipping methods section of store management. An attacker can execute arbitrary JavaScript in an administrator's browser by submitting a crafted...

6.1CVSS5.5AI score0.0002EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by