Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.3 views

CVE-2026-25489

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Ta...

6.1CVSS5.4AI score0.00283EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 7:16 p.m.9 views

CVE-2026-25489

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Ta...

6.1CVSS0.00283EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:7 p.m.3 views

CVE-2026-25489

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Ta...

6.1CVSS5.4AI score0.00283EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/03 6:7 p.m.4 views

CVE-2026-25489 Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Ta...

6.1CVSS5.4AI score0.00283EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/03 6:7 p.m.29 views

CVE-2026-25489 Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Ta...

6.1CVSS0.00283EPSS
Exploits1References4
CVE
CVE
added 2026/02/03 6:7 p.m.20 views

CVE-2026-25489

Craft Commerce (Craft CMS) has a stored XSS vulnerability in the Tax Zones Name and Description fields that can execute injected JavaScript in an administrator’s browser. Affected versions are 4.0.0-RC1 through 4.10.0 and 5.0.0 through 5.5.1; the issue arises because sanitization is insufficient ...

6.1CVSS5.4AI score0.00283EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 6:7 p.m.1 views

CVE-2026-25489 Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Ta...

6.1CVSS5.4AI score0.00283EPSS
Exploits1References4
OSV
OSV
added 2026/02/02 11:0 p.m.7 views

GHSA-V585-MF6R-RQRC Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation

Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Tax Zones are not properly sanitized before being displayed in the admin panel. Proof of Concept Requirments -...

6.1CVSS5.8AI score0.00283EPSS
Exploits1References6
Snyk
Snyk
added 2026/02/02 11:0 p.m.1 views

Cross-site Scripting (XSS)

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name and Description fields in the tax zones configuration. An attacker can execute arbitrary JavaScript code in an administrator's browser by submitting crafted...

6.1CVSS5.6AI score0.00283EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/02 11:0 p.m.7 views

Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation

Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Tax Zones are not properly sanitized before being displayed in the admin panel. Proof of Concept Requirments -...

6.1CVSS5.7AI score0.00283EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.2 views

PT-2026-5749

Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting XSS issue. The issue stems from insufficient...

6.1CVSS5.1AI score0.00283EPSS
Exploits1References9
Rows per page
Query Builder