CNNVD-202602-286 Information
CNNVD ID
CNNVD-202602-286
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Craft Commerce是Craft CMS开源的一个电子商务平台。 Craft Commerce 4.0.0-RC1版本至4.10.0版本和5.0.0版本至5.5.1版本存在跨站脚本漏洞,该漏洞源于产品类型名称在用户权限设置中显示时未进行清理,可能导致存储型跨站脚本攻击。
Description (English)
Craft Commerce is an open-source e-commerce platform for Craft CMS. Craft Company Versions 4.0.0-RC1 to 4.10.0 and 5.0.0 to 5.5.1 have cross-site script holes, which stem from the fact that product type names are not cleared when shown in user permission settings and may result in storage-type cross-site script attacks.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Craft CMS
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/craftcms/commerce/security/advisories/GHSA-2h2m-v2mg-656c https://github.com/craftcms/commerce/commit/7e1dedf06038c8e70dce0187b7048d4ab8ffb75c https://github.com/craftcms/commerce/releases/tag/4.10.1 https://github.com/craftcms/commerce/releases/tag/5.5.2 https://access.redhat.com/security/cve/cve-2026-25484
Patch
https://github.com/craftcms/commerce/releases
Share on: