exploitDog

CVE-2026-25489

Опубликовано: 03 фев. 2026

Источник: nvd

EPSS Низкий

Описание

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Tax Zones are not properly sanitized before being displayed in the admin panel. This issue has been patched in versions 4.10.1 and 5.5.2.

Ссылки

EPSS

Процентиль: 13%

0.00043

Низкий

Дефекты

CWE-79

Связанные уязвимости

GHSA-v585-mf6r-rqrc

github

5 дней назад

Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation

EPSS

Процентиль: 13%

0.00043

Низкий

Дефекты

CWE-79