CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25484

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there is a Stored XSS via Product Type names. The name is not sanitized when displayed in user permissions settings. The vulnerable input (source) is in Commerce (Product Type settings), but the sink is in CMS user permissions settings. This issue has been patched in versions 4.10.1 and 5.5.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.9%

CVSS Severity

CVSS v3 Score 4.8

References

Products affected by CVE-2026-25484

Craftcms » Craft Commerce » Version: 4.0.0

cpe:2.3:a:craftcms:craft_commerce:4.0.0
Craftcms » Craft Commerce » Version: 4.0.1

cpe:2.3:a:craftcms:craft_commerce:4.0.1
Craftcms » Craft Commerce » Version: 4.0.2

cpe:2.3:a:craftcms:craft_commerce:4.0.2
Craftcms » Craft Commerce » Version: 4.0.3

cpe:2.3:a:craftcms:craft_commerce:4.0.3
Craftcms » Craft Commerce » Version: 4.0.4

cpe:2.3:a:craftcms:craft_commerce:4.0.4
Craftcms » Craft Commerce » Version: 4.1.0

cpe:2.3:a:craftcms:craft_commerce:4.1.0
Craftcms » Craft Commerce » Version: 4.1.1

cpe:2.3:a:craftcms:craft_commerce:4.1.1
Craftcms » Craft Commerce » Version: 4.1.2

cpe:2.3:a:craftcms:craft_commerce:4.1.2
Craftcms » Craft Commerce » Version: 4.1.3

cpe:2.3:a:craftcms:craft_commerce:4.1.3
Craftcms » Craft Commerce » Version: 4.10.0

cpe:2.3:a:craftcms:craft_commerce:4.10.0
Craftcms » Craft Commerce » Version: 4.2.0

cpe:2.3:a:craftcms:craft_commerce:4.2.0
Craftcms » Craft Commerce » Version: 4.2.1

cpe:2.3:a:craftcms:craft_commerce:4.2.1
Craftcms » Craft Commerce » Version: 4.2.10

cpe:2.3:a:craftcms:craft_commerce:4.2.10
Craftcms » Craft Commerce » Version: 4.2.11

cpe:2.3:a:craftcms:craft_commerce:4.2.11
Craftcms » Craft Commerce » Version: 4.2.2

cpe:2.3:a:craftcms:craft_commerce:4.2.2
Craftcms » Craft Commerce » Version: 4.2.3

cpe:2.3:a:craftcms:craft_commerce:4.2.3
Craftcms » Craft Commerce » Version: 4.2.4

cpe:2.3:a:craftcms:craft_commerce:4.2.4
Craftcms » Craft Commerce » Version: 4.2.5

cpe:2.3:a:craftcms:craft_commerce:4.2.5
Craftcms » Craft Commerce » Version: 4.2.5.1

cpe:2.3:a:craftcms:craft_commerce:4.2.5.1
Craftcms » Craft Commerce » Version: 4.2.6

cpe:2.3:a:craftcms:craft_commerce:4.2.6
Craftcms » Craft Commerce » Version: 4.2.7

cpe:2.3:a:craftcms:craft_commerce:4.2.7
Craftcms » Craft Commerce » Version: 4.2.8

cpe:2.3:a:craftcms:craft_commerce:4.2.8
Craftcms » Craft Commerce » Version: 4.2.9

cpe:2.3:a:craftcms:craft_commerce:4.2.9
Craftcms » Craft Commerce » Version: 4.3.0

cpe:2.3:a:craftcms:craft_commerce:4.3.0
Craftcms » Craft Commerce » Version: 4.3.1

cpe:2.3:a:craftcms:craft_commerce:4.3.1
Craftcms » Craft Commerce » Version: 4.3.2

cpe:2.3:a:craftcms:craft_commerce:4.3.2
Craftcms » Craft Commerce » Version: 4.3.3

cpe:2.3:a:craftcms:craft_commerce:4.3.3
Craftcms » Craft Commerce » Version: 4.4.0

cpe:2.3:a:craftcms:craft_commerce:4.4.0
Craftcms » Craft Commerce » Version: 4.4.1

cpe:2.3:a:craftcms:craft_commerce:4.4.1
Craftcms » Craft Commerce » Version: 4.4.1.1

cpe:2.3:a:craftcms:craft_commerce:4.4.1.1
Craftcms » Craft Commerce » Version: 4.5.0

cpe:2.3:a:craftcms:craft_commerce:4.5.0
Craftcms » Craft Commerce » Version: 4.5.1

cpe:2.3:a:craftcms:craft_commerce:4.5.1
Craftcms » Craft Commerce » Version: 4.5.1.1

cpe:2.3:a:craftcms:craft_commerce:4.5.1.1
Craftcms » Craft Commerce » Version: 4.5.2

cpe:2.3:a:craftcms:craft_commerce:4.5.2
Craftcms » Craft Commerce » Version: 4.5.3

cpe:2.3:a:craftcms:craft_commerce:4.5.3
Craftcms » Craft Commerce » Version: 4.5.4

cpe:2.3:a:craftcms:craft_commerce:4.5.4
Craftcms » Craft Commerce » Version: 4.6.0

cpe:2.3:a:craftcms:craft_commerce:4.6.0
Craftcms » Craft Commerce » Version: 4.6.1

cpe:2.3:a:craftcms:craft_commerce:4.6.1
Craftcms » Craft Commerce » Version: 4.6.10

cpe:2.3:a:craftcms:craft_commerce:4.6.10
Craftcms » Craft Commerce » Version: 4.6.11

cpe:2.3:a:craftcms:craft_commerce:4.6.11
Craftcms » Craft Commerce » Version: 4.6.12

cpe:2.3:a:craftcms:craft_commerce:4.6.12
Craftcms » Craft Commerce » Version: 4.6.13

cpe:2.3:a:craftcms:craft_commerce:4.6.13
Craftcms » Craft Commerce » Version: 4.6.14

cpe:2.3:a:craftcms:craft_commerce:4.6.14
Craftcms » Craft Commerce » Version: 4.6.2

cpe:2.3:a:craftcms:craft_commerce:4.6.2
Craftcms » Craft Commerce » Version: 4.6.3.1

cpe:2.3:a:craftcms:craft_commerce:4.6.3.1
Craftcms » Craft Commerce » Version: 4.6.4

cpe:2.3:a:craftcms:craft_commerce:4.6.4
Craftcms » Craft Commerce » Version: 4.6.5

cpe:2.3:a:craftcms:craft_commerce:4.6.5
Craftcms » Craft Commerce » Version: 4.6.6

cpe:2.3:a:craftcms:craft_commerce:4.6.6
Craftcms » Craft Commerce » Version: 4.6.7

cpe:2.3:a:craftcms:craft_commerce:4.6.7
Craftcms » Craft Commerce » Version: 4.6.8

cpe:2.3:a:craftcms:craft_commerce:4.6.8
Craftcms » Craft Commerce » Version: 4.6.9

cpe:2.3:a:craftcms:craft_commerce:4.6.9
Craftcms » Craft Commerce » Version: 4.7.0

cpe:2.3:a:craftcms:craft_commerce:4.7.0
Craftcms » Craft Commerce » Version: 4.7.1

cpe:2.3:a:craftcms:craft_commerce:4.7.1
Craftcms » Craft Commerce » Version: 4.7.2

cpe:2.3:a:craftcms:craft_commerce:4.7.2
Craftcms » Craft Commerce » Version: 4.7.3

cpe:2.3:a:craftcms:craft_commerce:4.7.3
Craftcms » Craft Commerce » Version: 4.8.0

cpe:2.3:a:craftcms:craft_commerce:4.8.0
Craftcms » Craft Commerce » Version: 4.8.0.1

cpe:2.3:a:craftcms:craft_commerce:4.8.0.1
Craftcms » Craft Commerce » Version: 4.8.1

cpe:2.3:a:craftcms:craft_commerce:4.8.1
Craftcms » Craft Commerce » Version: 4.8.1.1

cpe:2.3:a:craftcms:craft_commerce:4.8.1.1
Craftcms » Craft Commerce » Version: 4.8.1.2

cpe:2.3:a:craftcms:craft_commerce:4.8.1.2
Craftcms » Craft Commerce » Version: 4.8.2

cpe:2.3:a:craftcms:craft_commerce:4.8.2
Craftcms » Craft Commerce » Version: 4.8.3

cpe:2.3:a:craftcms:craft_commerce:4.8.3
Craftcms » Craft Commerce » Version: 4.8.4

cpe:2.3:a:craftcms:craft_commerce:4.8.4
Craftcms » Craft Commerce » Version: 4.9.0

cpe:2.3:a:craftcms:craft_commerce:4.9.0
Craftcms » Craft Commerce » Version: 4.9.1

cpe:2.3:a:craftcms:craft_commerce:4.9.1
Craftcms » Craft Commerce » Version: 4.9.2

cpe:2.3:a:craftcms:craft_commerce:4.9.2
Craftcms » Craft Commerce » Version: 4.9.3

cpe:2.3:a:craftcms:craft_commerce:4.9.3
Craftcms » Craft Commerce » Version: 4.9.4

cpe:2.3:a:craftcms:craft_commerce:4.9.4
Craftcms » Craft Commerce » Version: 5.0.0

cpe:2.3:a:craftcms:craft_commerce:5.0.0
Craftcms » Craft Commerce » Version: 5.0.1

cpe:2.3:a:craftcms:craft_commerce:5.0.1
Craftcms » Craft Commerce » Version: 5.0.10

cpe:2.3:a:craftcms:craft_commerce:5.0.10
Craftcms » Craft Commerce » Version: 5.0.10.1

cpe:2.3:a:craftcms:craft_commerce:5.0.10.1
Craftcms » Craft Commerce » Version: 5.0.11

cpe:2.3:a:craftcms:craft_commerce:5.0.11
Craftcms » Craft Commerce » Version: 5.0.11.1

cpe:2.3:a:craftcms:craft_commerce:5.0.11.1
Craftcms » Craft Commerce » Version: 5.0.12

cpe:2.3:a:craftcms:craft_commerce:5.0.12
Craftcms » Craft Commerce » Version: 5.0.12.1

cpe:2.3:a:craftcms:craft_commerce:5.0.12.1
Craftcms » Craft Commerce » Version: 5.0.12.2

cpe:2.3:a:craftcms:craft_commerce:5.0.12.2
Craftcms » Craft Commerce » Version: 5.0.13

cpe:2.3:a:craftcms:craft_commerce:5.0.13
Craftcms » Craft Commerce » Version: 5.0.14

cpe:2.3:a:craftcms:craft_commerce:5.0.14
Craftcms » Craft Commerce » Version: 5.0.15

cpe:2.3:a:craftcms:craft_commerce:5.0.15
Craftcms » Craft Commerce » Version: 5.0.16

cpe:2.3:a:craftcms:craft_commerce:5.0.16
Craftcms » Craft Commerce » Version: 5.0.16.1

cpe:2.3:a:craftcms:craft_commerce:5.0.16.1
Craftcms » Craft Commerce » Version: 5.0.16.2

cpe:2.3:a:craftcms:craft_commerce:5.0.16.2
Craftcms » Craft Commerce » Version: 5.0.17

cpe:2.3:a:craftcms:craft_commerce:5.0.17
Craftcms » Craft Commerce » Version: 5.0.18

cpe:2.3:a:craftcms:craft_commerce:5.0.18
Craftcms » Craft Commerce » Version: 5.0.19

cpe:2.3:a:craftcms:craft_commerce:5.0.19
Craftcms » Craft Commerce » Version: 5.0.2

cpe:2.3:a:craftcms:craft_commerce:5.0.2
Craftcms » Craft Commerce » Version: 5.0.3

cpe:2.3:a:craftcms:craft_commerce:5.0.3
Craftcms » Craft Commerce » Version: 5.0.4

cpe:2.3:a:craftcms:craft_commerce:5.0.4
Craftcms » Craft Commerce » Version: 5.0.5

cpe:2.3:a:craftcms:craft_commerce:5.0.5
Craftcms » Craft Commerce » Version: 5.0.6

cpe:2.3:a:craftcms:craft_commerce:5.0.6
Craftcms » Craft Commerce » Version: 5.0.7

cpe:2.3:a:craftcms:craft_commerce:5.0.7
Craftcms » Craft Commerce » Version: 5.0.8

cpe:2.3:a:craftcms:craft_commerce:5.0.8
Craftcms » Craft Commerce » Version: 5.0.9

cpe:2.3:a:craftcms:craft_commerce:5.0.9
Craftcms » Craft Commerce » Version: 5.1.0

cpe:2.3:a:craftcms:craft_commerce:5.1.0
Craftcms » Craft Commerce » Version: 5.1.0.1

cpe:2.3:a:craftcms:craft_commerce:5.1.0.1
Craftcms » Craft Commerce » Version: 5.1.1

cpe:2.3:a:craftcms:craft_commerce:5.1.1
Craftcms » Craft Commerce » Version: 5.1.2

cpe:2.3:a:craftcms:craft_commerce:5.1.2
Craftcms » Craft Commerce » Version: 5.1.3

cpe:2.3:a:craftcms:craft_commerce:5.1.3
Craftcms » Craft Commerce » Version: 5.1.4

cpe:2.3:a:craftcms:craft_commerce:5.1.4
Craftcms » Craft Commerce » Version: 5.2.0

cpe:2.3:a:craftcms:craft_commerce:5.2.0
Craftcms » Craft Commerce » Version: 5.2.1

cpe:2.3:a:craftcms:craft_commerce:5.2.1
Craftcms » Craft Commerce » Version: 5.2.10

cpe:2.3:a:craftcms:craft_commerce:5.2.10
Craftcms » Craft Commerce » Version: 5.2.11

cpe:2.3:a:craftcms:craft_commerce:5.2.11
Craftcms » Craft Commerce » Version: 5.2.12

cpe:2.3:a:craftcms:craft_commerce:5.2.12
Craftcms » Craft Commerce » Version: 5.2.12.1

cpe:2.3:a:craftcms:craft_commerce:5.2.12.1
Craftcms » Craft Commerce » Version: 5.2.2

cpe:2.3:a:craftcms:craft_commerce:5.2.2
Craftcms » Craft Commerce » Version: 5.2.2.1

cpe:2.3:a:craftcms:craft_commerce:5.2.2.1
Craftcms » Craft Commerce » Version: 5.2.3

cpe:2.3:a:craftcms:craft_commerce:5.2.3
Craftcms » Craft Commerce » Version: 5.2.4

cpe:2.3:a:craftcms:craft_commerce:5.2.4
Craftcms » Craft Commerce » Version: 5.2.5

cpe:2.3:a:craftcms:craft_commerce:5.2.5
Craftcms » Craft Commerce » Version: 5.2.6

cpe:2.3:a:craftcms:craft_commerce:5.2.6
Craftcms » Craft Commerce » Version: 5.2.7

cpe:2.3:a:craftcms:craft_commerce:5.2.7
Craftcms » Craft Commerce » Version: 5.2.8

cpe:2.3:a:craftcms:craft_commerce:5.2.8
Craftcms » Craft Commerce » Version: 5.2.9

cpe:2.3:a:craftcms:craft_commerce:5.2.9
Craftcms » Craft Commerce » Version: 5.2.9.1

cpe:2.3:a:craftcms:craft_commerce:5.2.9.1
Craftcms » Craft Commerce » Version: 5.3.0

cpe:2.3:a:craftcms:craft_commerce:5.3.0
Craftcms » Craft Commerce » Version: 5.3.0.1

cpe:2.3:a:craftcms:craft_commerce:5.3.0.1
Craftcms » Craft Commerce » Version: 5.3.0.2

cpe:2.3:a:craftcms:craft_commerce:5.3.0.2
Craftcms » Craft Commerce » Version: 5.3.1

cpe:2.3:a:craftcms:craft_commerce:5.3.1
Craftcms » Craft Commerce » Version: 5.3.10

cpe:2.3:a:craftcms:craft_commerce:5.3.10
Craftcms » Craft Commerce » Version: 5.3.11

cpe:2.3:a:craftcms:craft_commerce:5.3.11
Craftcms » Craft Commerce » Version: 5.3.12

cpe:2.3:a:craftcms:craft_commerce:5.3.12
Craftcms » Craft Commerce » Version: 5.3.13

cpe:2.3:a:craftcms:craft_commerce:5.3.13
Craftcms » Craft Commerce » Version: 5.3.2

cpe:2.3:a:craftcms:craft_commerce:5.3.2
Craftcms » Craft Commerce » Version: 5.3.2.1

cpe:2.3:a:craftcms:craft_commerce:5.3.2.1
Craftcms » Craft Commerce » Version: 5.3.2.2

cpe:2.3:a:craftcms:craft_commerce:5.3.2.2
Craftcms » Craft Commerce » Version: 5.3.3

cpe:2.3:a:craftcms:craft_commerce:5.3.3
Craftcms » Craft Commerce » Version: 5.3.4

cpe:2.3:a:craftcms:craft_commerce:5.3.4
Craftcms » Craft Commerce » Version: 5.3.5

cpe:2.3:a:craftcms:craft_commerce:5.3.5
Craftcms » Craft Commerce » Version: 5.3.6

cpe:2.3:a:craftcms:craft_commerce:5.3.6
Craftcms » Craft Commerce » Version: 5.3.7

cpe:2.3:a:craftcms:craft_commerce:5.3.7
Craftcms » Craft Commerce » Version: 5.3.8

cpe:2.3:a:craftcms:craft_commerce:5.3.8
Craftcms » Craft Commerce » Version: 5.3.9

cpe:2.3:a:craftcms:craft_commerce:5.3.9
Craftcms » Craft Commerce » Version: 5.4.0

cpe:2.3:a:craftcms:craft_commerce:5.4.0
Craftcms » Craft Commerce » Version: 5.4.1

cpe:2.3:a:craftcms:craft_commerce:5.4.1
Craftcms » Craft Commerce » Version: 5.4.1.1

cpe:2.3:a:craftcms:craft_commerce:5.4.1.1
Craftcms » Craft Commerce » Version: 5.4.10

cpe:2.3:a:craftcms:craft_commerce:5.4.10
Craftcms » Craft Commerce » Version: 5.4.2

cpe:2.3:a:craftcms:craft_commerce:5.4.2
Craftcms » Craft Commerce » Version: 5.4.3

cpe:2.3:a:craftcms:craft_commerce:5.4.3
Craftcms » Craft Commerce » Version: 5.4.4

cpe:2.3:a:craftcms:craft_commerce:5.4.4
Craftcms » Craft Commerce » Version: 5.4.5

cpe:2.3:a:craftcms:craft_commerce:5.4.5
Craftcms » Craft Commerce » Version: 5.4.5.1

cpe:2.3:a:craftcms:craft_commerce:5.4.5.1
Craftcms » Craft Commerce » Version: 5.4.6

cpe:2.3:a:craftcms:craft_commerce:5.4.6
Craftcms » Craft Commerce » Version: 5.4.7

cpe:2.3:a:craftcms:craft_commerce:5.4.7
Craftcms » Craft Commerce » Version: 5.4.7.1

cpe:2.3:a:craftcms:craft_commerce:5.4.7.1
Craftcms » Craft Commerce » Version: 5.4.8

cpe:2.3:a:craftcms:craft_commerce:5.4.8
Craftcms » Craft Commerce » Version: 5.4.9

cpe:2.3:a:craftcms:craft_commerce:5.4.9
Craftcms » Craft Commerce » Version: 5.5.0

cpe:2.3:a:craftcms:craft_commerce:5.5.0
Craftcms » Craft Commerce » Version: 5.5.0.1

cpe:2.3:a:craftcms:craft_commerce:5.5.0.1
Craftcms » Craft Commerce » Version: 5.5.1

cpe:2.3:a:craftcms:craft_commerce:5.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25484

Products

Pricing

Contact Us