CVE-2026-3320 in e-commerceinformation

Résumé

par MITRE • 11/05/2026

Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

INCIBE

Réserver

27/02/2026

Divulgation

11/05/2026

Modérer

accepté

Entrée

VDB-362646

CPE

prêt

EPSS

0.00062

KEV

non

Activités

très faible

Secteur

Hostingprovider, Transportation, ...

Sources

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-3320
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-3320
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-3320/

PrécédentAperçuSuivant

Might our Artificial Intelligence support you?

Check our Alexa App!