[HIGH] Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking

PKSA-c2f2-bw98-42sz CVE-2026-29175 GHSA-cfpv-rmpf-f624

Affected package: craftcms/commerce

Affected version: >=5.0.0,<=5.5.2

Reported by:
GitHub