Craftcms

Craft Commerce

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2026-25522

Exploit
  • EPSS 0.02%
  • Veröffentlicht 03.02.2026 18:10:33
  • Zuletzt bearbeitet 18.02.2026 16:14:46

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occ...

4.8

CVE-2026-25490

Exploit
  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 18:09:33
  • Zuletzt bearbeitet 10.02.2026 18:08:32

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occ...

4.8

CVE-2026-25489

Exploit
  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 18:07:40
  • Zuletzt bearbeitet 10.02.2026 18:08:57

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occ...

4.8

CVE-2026-25488

Exploit
  • EPSS 0.04%
  • Veröffentlicht 03.02.2026 18:07:25
  • Zuletzt bearbeitet 10.02.2026 18:10:27

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occ...

4.8

CVE-2026-25487

Exploit
  • EPSS 0.04%
  • Veröffentlicht 03.02.2026 18:07:12
  • Zuletzt bearbeitet 10.02.2026 18:10:55

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occ...

4.8

CVE-2026-25486

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.02.2026 18:06:57
  • Zuletzt bearbeitet 10.02.2026 18:12:08

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods ...

4.8

CVE-2026-25485

Exploit
  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 18:06:45
  • Zuletzt bearbeitet 10.02.2026 18:12:38

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occ...

4.8

CVE-2026-25484

Exploit
  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 18:06:36
  • Zuletzt bearbeitet 10.02.2026 18:13:04

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there is a Stored XSS via Product Type names. The name is not sanitized when displayed in user permissions settings. The vulnerable i...

5.4

CVE-2026-25483

Exploit
  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 18:05:49
  • Zuletzt bearbeitet 10.02.2026 17:52:55

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, whi...

4.8

CVE-2026-25482

Exploit
  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 18:05:09
  • Zuletzt bearbeitet 10.02.2026 18:13:27

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript strin...