6.1

CVE-2026-25487

Exploit

Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the Store Management section is not properly sanitized before being displayed in the admin panel. This issue has been patched in versions 4.10.1 and 5.5.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CraftcmsCraft Commerce SwPlatformcraft_cms Version >= 4.0.1 < 4.10.1
CraftcmsCraft Commerce SwPlatformcraft_cms Version >= 5.0.0 < 5.5.2
CraftcmsCraft Commerce Version4.0.0 Update- SwPlatformcraft_cms
CraftcmsCraft Commerce Version4.0.0 Updaterc1 SwPlatformcraft_cms
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.172
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.8 1.7 2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com 6.1 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/craftcms/commerce/releases/tag/4.10.1
Release Notes
https://github.com/craftcms/commerce/releases/tag/5.5.2
Release Notes
https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd772839ee
Patch
https://github.com/craftcms/commerce/security/advisories/GHSA-wqc5-485v-3hqh
Vendor Advisory
Exploit