CVE-2026-11975
Vulnerability Description
Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw()
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-79
Source
NVD
Vendor
simplcommerce
Product
SimplCommerce
Discussion (0)
Add Comment
No comments yet. Be the first!