CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1 matches found

Github Security Blog•added 2026/02/02 10:43 p.m.•5 views

Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration

Summary A stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script execution. If a user has database backup utility permissions which do not require an elevated session, an...

6.2CVSS5.5AI score0.00015EPSS

Exploits1References6Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by