10 matches found
CVE-2026-29176
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...
CVE-2026-29176 Craft Commerce has Stored XSS in Inventory Location Name
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...
CVE-2026-29176 Craft Commerce has Stored XSS in Inventory Location Name
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...
EUVD-2026-10820
Craft Commerce has stored XSS in Inventory Location Name...
PT-2026-24640
Summary A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...
CVE-2026-25490 Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in...
CVE-2026-25490 Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in...
CVE-2026-25490 Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in...
CVE-2026-25490
CVE-2026-25490 describes a stored XSS in Craft Commerce (Craft CMS) affecting versions 4.0.0-RC1–4.10.0 and 5.0.0–5.5.1. The vulnerability stems from improper sanitization of the Address Line 1 field in Inventory Locations, allowing malicious JavaScript to run in an administrator’s browser when t...
Craft Commerce 跨站脚本漏洞
Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability stems from the address line 1 field in the inventory location not bei...