[MEDIUM] Craft Commerce has Stored XSS in Product Type Name

PKSA-tjsq-jr27-yxgb CVE-2026-25484 GHSA-2h2m-v2mg-656c

Affected package: craftcms/commerce

Affected version: >=4.0.0-RC1,<=4.10.0|>=5.0.0,<=5.5.1

Reported by:
GitHub