Cross-site Scripting Vulnerability in Drupal Commerce Core
CVE-2026-10769
5.4MEDIUM
What is CVE-2026-10769?
A Cross-site Scripting (XSS) vulnerability exists in Drupal Commerce Core that allows an attacker to inject malicious scripts into web pages. This flaw affects multiple versions of Commerce Core, specifically from 3.3.0 to 3.3.6, and can lead to stored XSS exploitation, enabling attackers to compromise user sessions and manipulate user interactions on affected websites.
Affected Version(s)
Commerce Core 3.3.0 < 3.3.6
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Brian Willows (hsjbrianwillows)
Jonathan Sacksick (jsacksick)
Greg Knaddison (greggles)
Lee Rowlands (larowlan)
Dave Long (longwave)
Juraj Nemec (poker10)
