CVE-2026-29175 | Craft Commerce up to 5.5.2 Commerce Inventory Page Product Title/Variant Title/Variant SKU cross site scripting (GHSA-cfpv-rmpf-f624)

A vulnerability was found in Craft Commerce up to 5.5.2 and classified as problematic. Impacted is an unknown function of the component Commerce Inventory Page. The manipulation of the argument Product Title/Variant Title/Variant SKU results in cross site scripting.

This vulnerability is identified as CVE-2026-29175. The attack can be executed remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More