CVE-2026-3320 in e-commerceالمعلومات

الملخص

بحسب MITRE • 11/05/2026

Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

INCIBE

حجز

27/02/2026

إفشاء

11/05/2026

الاعتدال

تمت الموافقة

إدخال

VDB-362646

EPSS

0.00062

KEV

لا

النشاطات

منخفض جدًا

القطاع

Telecommunication, Transportation, ...

المصادر

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-3320
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-3320
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-3320/

التالي نظرة عامة السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!