CNNVD-202602-287 Information
CNNVD ID
CNNVD-202602-287
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Craft Commerce是Craft CMS开源的一个电子商务平台。 Craft Commerce 4.0.0-RC1版本至4.10.0版本和5.0.0版本至5.5.1版本存在跨站脚本漏洞,该漏洞源于最近订单仪表板小部件存在存储型DOM跨站脚本漏洞,可能导致脚本执行。
Description (English)
Craft Commerce is an open-source e-commerce platform for Craft CMS. Craft Company Versions 4.0.0-RC1 to 4.10.0 and 5.0.0 to 5.5.1 have cross-site script loopholes, which stem from the recent storage of the DOM cross-station script gap in small parts of the order dashboard, which may result in script execution.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Craft CMS
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/craftcms/commerce/security/advisories/GHSA-frj9-9rwc-pw9j https://github.com/craftcms/commerce/releases/tag/4.10.1 https://github.com/craftcms/commerce/commit/d94d1c9832a47a1c383e375ae87c46c13935ba65 https://github.com/craftcms/commerce/releases/tag/5.5.2 https://access.redhat.com/security/cve/cve-2026-25482
Patch
https://github.com/craftcms/commerce/releases
Share on: