CNNVD-202602-283 Information
CNNVD ID
CNNVD-202602-283
Related CVE
- CNNVD Published: 2026-02-03
Description
Craft Commerce is an open-source e-commerce platform for Craft CMS. Craft Commerce versions 4.0.0-RC1 through 4.10.0 and 5.0.0 through 5.5.1 contain a cross-site scripting vulnerability: the shipping category name and description fields in the store management section are not properly sanitized before being displayed in the admin panel, which may lead to stored cross-site scripting attacks.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
Craft CMS
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/craftcms/commerce/releases/tag/4.10.1
https://github.com/craftcms/commerce/security/advisories/GHSA-w8gw-qm8p-j9j3
https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd772839ee
https://github.com/craftcms/commerce/releases/tag/5.5.2
https://access.redhat.com/security/cve/cve-2026-25485
Patch
https://github.com/craftcms/commerce/releases