CVE-2026-29176 | Craft Commerce up to 5.5.2 Inventory Locations Page Name cross site scripting (GHSA-wj89-2385-gpx3)

A vulnerability categorized as problematic has been discovered in Craft Commerce up to 5.5.2. This impacts an unknown function of the component Inventory Locations Page. Executing a manipulation of the argument Name can lead to cross site scripting.

This vulnerability is registered as CVE-2026-29176. It is possible to launch the attack remotely. No exploit is available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More