Craftcms

Craft Commerce

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2026-31867

Exploit
  • EPSS 0.05%
  • Veröffentlicht 11.03.2026 17:52:18
  • Zuletzt bearbeitet 17.03.2026 14:02:48

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.11.0 and 5.6.0, An Insecure Direct Object Reference (IDOR) vulnerability exists in Craft Commerce’s cart functionality that allows users to hijack any shopping cart by knowing or guess...

5.4

CVE-2026-29177

Exploit
  • EPSS 0.01%
  • Veröffentlicht 10.03.2026 20:01:06
  • Zuletzt bearbeitet 11.03.2026 15:07:13

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order R...

4.8

CVE-2026-29176

  • EPSS 0.01%
  • Veröffentlicht 10.03.2026 19:59:48
  • Zuletzt bearbeitet 11.03.2026 15:08:01

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arb...

5.4

CVE-2026-29175

Exploit
  • EPSS 0.04%
  • Veröffentlicht 10.03.2026 19:57:36
  • Zuletzt bearbeitet 11.03.2026 16:56:41

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an at...

8.8

CVE-2026-29174

Exploit
  • EPSS 0.01%
  • Veröffentlicht 10.03.2026 19:55:54
  • Zuletzt bearbeitet 11.03.2026 16:55:03

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated directly into ...

4.8

CVE-2026-29173

Exploit
  • EPSS 0.01%
  • Veröffentlicht 10.03.2026 19:54:25
  • Zuletzt bearbeitet 11.03.2026 16:55:37

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a stored XSS vulnerability exists when a user tries to update the Order Status from the Commerce Orders Table. The Order Status Name is rendered without proper escaping...

8.8

CVE-2026-29172

Exploit
  • EPSS 0.04%
  • Veröffentlicht 10.03.2026 19:52:32
  • Zuletzt bearbeitet 11.03.2026 16:54:15

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, Craft Commerce is vulnerable to SQL Injection in the purchasables table endpoint. The sort parameter is split by | and the first part (column name) is passed directly a...

4.8

CVE-2026-25522

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.02.2026 18:10:33
  • Zuletzt bearbeitet 18.02.2026 16:14:46

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occ...

4.8

CVE-2026-25490

Exploit
  • EPSS 0.02%
  • Veröffentlicht 03.02.2026 18:09:33
  • Zuletzt bearbeitet 10.02.2026 18:08:32

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occ...

4.8

CVE-2026-25489

Exploit
  • EPSS 0.02%
  • Veröffentlicht 03.02.2026 18:07:40
  • Zuletzt bearbeitet 10.02.2026 18:08:57

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occ...