← volver
CVE-2026-11975

Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface

CVSS 6.2 MEDIUMEPSS 0.3%CWE-79
Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw()
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:N
Productos afectados
simplcommerce · SimplCommerce

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/simplcommerce/SimplCommerce/commit/6142d3b5147899e0edb41663ae20183878ab39f7https://github.com/simplcommerce/SimplCommerce/pull/1151