CVE-2026-29177 | Craft Commerce up to 4.10.2/5.5.3 Order Details Shipping Method Name/Order Reference/Site Name cross site scripting (GHSA-mj32-r678-7mvp)

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability labeled as problematic has been found in Craft Commerce up to 4.10.2/5.5.3. Affected by this vulnerability is an unknown functionality of the component Order Details Handler. The manipulation of the argument Shipping Method Name/Order Reference/Site Name results in cross site scripting.

This vulnerability is reported as CVE-2026-29177. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.

CVE-2026-29177 | Craft Commerce up to 4.10.2/5.5.3 Order Details Shipping Method Name/Order Reference/Site Name cross site scripting (GHSA-mj32-r678-7mvp)

Post correlati

CVE-2024-23208 | Apple watchOS memory corruption

CVE-2024-43948 | Dinesh Karki WP Armour Extended Plugin up to 1.26 on WordPress cross site scripting

CVE-2026-2547 | LigeroSmart up to 6.1.26 /otrs/index.pl AgentDashboard Subaction cross site scripting (Issue 284)

CVE-2024-21827 | TP-LINK ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421 Network Request cli_server debug code (TALOS-2024-1947)