Security Advisories - PKSA-q6pp-5z96-2bd2 - Packagist.org

PKSA-q6pp-5z96-2bd2 Security Advisory

[LOW] Craft Commerce has stored XSS in Craft Commerce Order Details Slideout

PKSA-q6pp-5z96-2bd2 CVE-2026-29177 GHSA-mj32-r678-7mvp

Affected package: craftcms/commerce

Affected version: >=5.0.0,<=5.5.2|>=4.0.0,<=4.10.1

Reported by:
GitHub