CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42 matches found

RedhatCVE•added 2026/03/26 3:18 p.m.•3 views

CVE-2026-29177

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...

5.4CVSS5.8AI score0.00211EPSS

Exploits1References1

OSV•added 2026/03/11 7:23 p.m.•9 views

GHSA-7VVP-J573-5584 Shopware: Unauthenticated data extraction possible through store-api.order endpoint

Summary An insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. Details Data Exposure Depending on the order payload configuration, attackers may retrieve: -...

8.9CVSS5.9AI score0.00237EPSS

Exploits0References3

NVD•added 2026/03/10 8:16 p.m.•2 views

CVE-2026-29177

5.4CVSS0.00211EPSS

Exploits1References2

Cvelist•added 2026/03/10 8:1 p.m.•26 views

CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout

4.8CVSS0.00211EPSS

Exploits1References2

CVE•added 2026/03/10 8:1 p.m.•8 views

CVE-2026-29177

Summary of vulnerability (CVE-2026-29177) : Craft Commerce for Craft CMS has a stored XSS flaw in the Order Details slideout. User-supplied input in fields such as the Shipping Method Name, Order Reference, or Site Name can inject JavaScript that executes when a user opens the order details via d...

5.4CVSS5.8AI score0.00211EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/10 8:1 p.m.•3 views

CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout

4.8CVSS5.8AI score0.00211EPSS

Exploits1References2

ATTACKERKB•added 2026/03/10 8:1 p.m.•2 views

CVE-2026-29177

4.8CVSS5.8AI score0.00211EPSS

Exploits1References3Affected Software1

OSV•added 2026/03/10 8:1 p.m.•4 views

CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout

4.8CVSS5.8AI score0.00211EPSS

Exploits1References4

OSV•added 2026/03/10 6:24 p.m.•4 views

GHSA-MJ32-R678-7MVP Craft Commerce has stored XSS in Craft Commerce Order Details Slideout

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the order details slideout via a double-click on the order index page, the inject...

4.8CVSS5.8AI score0.00211EPSS

Exploits1References4

Github Security Blog•added 2026/03/10 6:24 p.m.•5 views

Craft Commerce has stored XSS in Craft Commerce Order Details Slideout

5.4CVSS5.8AI score0.00211EPSS

Exploits1References4Affected Software1

Snyk•added 2026/03/10 6:24 p.m.•1 views

Cross-site Scripting (XSS)

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS in the processing of order details in the slideout interface when user-supplied input is rendered without proper sanitization in fields such as Shipping Method Name, Order...

5.4CVSS5.8AI score0.00211EPSS

Exploits1References2

Positive Technologies•added 2026/03/10 12:0 a.m.•1 views

PT-2026-24629

4.8CVSS5.8AI score

Exploits0References4

Positive Technologies•added 2026/03/10 12:0 a.m.•3 views

PT-2026-24419

4.8CVSS5.8AI score0.00211EPSS

Exploits1References3

CNNVD•added 2026/03/10 12:0 a.m.•4 views

Craft Commerce 跨站脚本漏洞

Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions prior to 4.10.2 and 5.5.3 of Craft Commerce contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filtering of the Shipping Method Name, Order Reference, or Si...

5.4CVSS5.7AI score0.00211EPSS

Exploits1References2

OSV•added 2026/02/03 6:6 p.m.•4 views

CVE-2026-25486 Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...

6.1CVSS5.5AI score0.00253EPSS

Exploits1References5

Snyk•added 2026/02/02 10:49 p.m.•4 views

Cross-site Scripting (XSS)

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name field in the shipping methods section of store management. An attacker can execute arbitrary JavaScript in an administrator's browser by submitting a crafted...

6.1CVSS5.5AI score0.00253EPSS

Exploits1References2

NVD•added 2025/10/27 2:15 a.m.•7 views

CVE-2025-62976

Missing Authorization vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sendle Shipping: from n/a through = 6.02...

5.3CVSS0.00256EPSS

Exploits0References1