0.0
CVE-2026-1846 -
loading template...
6.1
CVE-2026-25522 - Craft Commerce has Stored XSS in Shipping Zone (Name & Description) Fields Leading to Potential Pri…
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Zone (Name & Description…
6.1
CVE-2026-25490 - Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalati…
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in Invento…
6.1
CVE-2026-25489 - Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Esca…
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Tax …
6.1
CVE-2026-25488 - Craft Commerce has Stored XSS in Tax Categories (Name & Description) Fields Leading to Potential Pr…
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Tax Categories (Name & Descriptio…
6.1
CVE-2026-25487 - Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the Sto…
6.1
CVE-2026-25486 - Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalat…
Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is not…
6.2
CVE-2026-25485 - Craft Commerce has Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potenti…
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories (Name & Descr…
4.6
CVE-2025-52628 - HCL AION is susceptible to Missing SameSite vulnerability
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.
4.8
CVE-2026-25484 - Craft Commerce has Stored XSS in Product Type Name
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there is a Stored XSS via Product Type names. The name is not sanitized when displayed in user permissions settings. The vulnerable input (source) is in Commerce (Product Type settin…