Security Advisories - PKSA-vyym-2rg1-mr68 - Packagist.org

PKSA-vyym-2rg1-mr68 Security Advisory

[MEDIUM] Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation

PKSA-vyym-2rg1-mr68 CVE-2026-25486 GHSA-g92v-wpv7-6w22

Affected package: craftcms/commerce

Affected version: >=5.0.0-RC1,<=5.5.1

Reported by:
GitHub