[MEDIUM] Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation

PKSA-twkq-s65v-3zph CVE-2026-25487 GHSA-wqc5-485v-3hqh

Affected package: craftcms/commerce

Affected version: >=4.0.0-RC1,<=4.10.0|>=5.0.0-RC1,<=5.5.1

Reported by:
GitHub