pkg:Packagist/craftcms/commerce
19 CVEs in total
✅ Check your version
All known vulnerabilities
- CVE-2026-32270: Craft Commerce has an unauthenticated information disclosure that can leak some customer order data on anonymous payments (>= 5.0.0, < 5.6.0)
- CVE-2026-32271: Craft Commerce has a SQL Injection can lead to Remote Code Execution via TotalRevenue Widget (>= 4.0.0, < 4.10.3)
- >= 5.0.0, < 5.6.0
- >= 5.0.0, < 5.6.0
- >= 4.0.0, < 4.10.2
- >= 5.0.0, < 5.5.3
- CVE-2026-29175: Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking (>= 5.0.0, < 5.5.3)
- >= 5.0.0, < 5.5.3
- CVE-2026-29173: Craft Commerce is Vulnerable to Stored XSS while updating Order Status from Orders Table (>= 4.0.0, < 4.10.2)
- >= 4.0.0, < 4.10.2
- CVE-2026-25522: Craft Commerce has Stored XSS in Shipping Zone (Name & Description) Fields Leading to Potential Privilege Escalation (>= 5.0.0-RC1, < 5.5.2)
- CVE-2026-25490: Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation (>= 5.0.0-RC1, < 5.5.2)
- CVE-2026-25489: Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation (>= 5.0.0-RC1, < 5.5.2)
- CVE-2026-25488: Craft Commerce has Stored XSS in Tax Categories (Name & Description) Fields Leading to Potential Privilege Escalation (>= 5.0.0-RC1, < 5.5.2)
- >= 5.0.0-RC1, < 5.5.2
- CVE-2026-25486: Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation (>= 5.0.0-RC1, < 5.5.2)
- >= 5.0.0, < 5.5.2
- CVE-2026-25483: Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration (>= 5.0.0, < 5.5.2)
- CVE-2026-25482: Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget) (>= 5.0.0, < 5.5.2)