Lucene search
K

8 matches found

NVD
NVD
added 2026/02/03 7:16 p.m.8 views

CVE-2026-25487

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the...

6.1CVSS0.00261EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:7 p.m.2 views

CVE-2026-25487

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the...

6.1CVSS5.5AI score0.00261EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 6:7 p.m.1 views

CVE-2026-25487 Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the...

6.1CVSS5.5AI score0.00261EPSS
Exploits1References4
OSV
OSV
added 2026/02/03 6:7 p.m.5 views

CVE-2026-25487 Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the...

6.1CVSS5.5AI score0.00261EPSS
Exploits1References6
CVE
CVE
added 2026/02/03 6:7 p.m.17 views

CVE-2026-25487

CVE-2026-25487 affects Craft Commerce (Craft CMS). A stored XSS flaw exists in the Tax Rates Name field displayed in the admin Store Management panel. Affected versions are 4.0.0-RC1 through 4.10.0 and 5.0.0 through 5.5.1. The issue enables attackers with store settings/taxes permissions to injec...

6.1CVSS5.5AI score0.00261EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/03 6:7 p.m.5 views

EUVD-2026-5205

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the...

6.1CVSS5.5AI score0.00261EPSS
Exploits1References4
OSV
OSV
added 2026/02/02 10:51 p.m.3 views

GHSA-WQC5-485V-3HQH Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation

Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the Store Management section is not properly sanitized before being displayed in the admin panel. Proof of Concept...

6.1CVSS5.8AI score0.00261EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/02/02 10:51 p.m.6 views

Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation

Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the Store Management section is not properly sanitized before being displayed in the admin panel. Proof of Concept...

6.1CVSS5.7AI score0.00261EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder