Security Advisories - PKSA-6px2-ht8s-n19h - Packagist.org

PKSA-6px2-ht8s-n19h Security Advisory

[MEDIUM] Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration

PKSA-6px2-ht8s-n19h CVE-2026-25483 GHSA-8478-rmjg-mjj5

Affected package: craftcms/commerce

Affected version: >=4.0.0-RC1,<=4.10.0|>=5.0.0,<=5.5.1

Reported by:
GitHub