6.2
CVE-2026-11975
- EPSS 0.26%
- Published 17.06.2026 12:18:28
- Last modified 17.06.2026 12:18:28
- Source 596c5446-0ce5-4ba2-aa66-48b3b7
Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface
Stored cross-site scripting (XSS) in NewsItemApiController in SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw().
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
| Vendor | Product | Default Status | Version | Version < | Status |
|---|---|---|---|---|---|
| simplcommerce | SimplCommerce | affected | 0 | 6142d3b5 | affected |
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.168 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 596c5446-0ce5-4ba2-aa66-48b3b757a647 | 6.2 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:N |
https://github.com/simplcommerce/SimplCommerce/pull/1151
https://github.com/simplcommerce/SimplCommerce/commit/6142d3b5147899e0edb41663ae20183878ab39f7