Lucene search
K

7 matches found

OSV
OSV
added 2026/02/03 6:5 p.m.7 views

CVE-2026-25482 Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget)

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowi...

6.2CVSS5.5AI score0.00304EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/03 6:5 p.m.32 views

CVE-2026-25482 Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget)

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowi...

6.2CVSS0.00304EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/03 6:5 p.m.2 views

CVE-2026-25482 Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget)

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowi...

6.2CVSS5.5AI score0.00304EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:5 p.m.3 views

CVE-2026-25482

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowi...

6.2CVSS5.5AI score0.00304EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/02 10:41 p.m.6 views

Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget)

Summary A stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowing script execution when any admin visits the dashboard. Users are recommended to update to the patched 5.5.2...

6.2CVSS5.6AI score0.00304EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.8 views

PT-2026-6417

Summary A stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowing script execution when any admin visits the dashboard. Users are recommended to update to the patched 5.5.2...

6.2CVSS5.7AI score0.00304EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.4 views

PT-2026-6293

Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description A stored DOM Cross-Site Scripting XSS issue exists within the "Recent Orders" dashboard widget. The Order Status Name is rendered using...

6.2CVSS5.6AI score0.00304EPSS
Exploits1References9
Rows per page
Query Builder