Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2026-29173

updated 1 week, 4 days ago by @mweinelt Activity log

Created automatic suggestion 1 week, 4 days ago
@mweinelt removed
8 packages
- python312Packages.azure-mgmt-commerce
- python313Packages.azure-mgmt-commerce
- python314Packages.azure-mgmt-commerce
- python312Packages.mypy-boto3-marketplacecommerceanalytics
- python313Packages.mypy-boto3-marketplacecommerceanalytics
- python314Packages.mypy-boto3-marketplacecommerceanalytics
- python312Packages.types-aiobotocore-marketplacecommerceanalytics
- python313Packages.types-aiobotocore-marketplacecommerceanalytics
1 week, 4 days ago
@mweinelt dismissed 1 week, 4 days ago

Craft Commerce has Stored XSS while updating Order Status from Orders Table

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a stored XSS vulnerability exists when a user tries to update the Order Status from the Commerce Orders Table. The Order Status Name is rendered without proper escaping, allowing script execution to occur. This vulnerability is fixed in 4.10.2 and 5.5.3.

References

https://github.com/craftcms/commerce/security/advisories/GHSA-mqxf-2998-c6cp x_refsource_CONFIRM
https://github.com/craftcms/commerce/commit/60cdc505c03b6fa2f59715e8c060114b66334afa x_refsource_MISC
https://github.com/craftcms/commerce/commit/a2ea853935ef03297ea1298bdb0d8c55ec5daf7b x_refsource_MISC

Affected products

commerce

==>= 4.0.0 < 4.10.2
==>= 5.0.0 < 5.5.3

Ignored packages (8)

pkgs.python312Packages.azure-mgmt-commerce

This is the Microsoft Azure Commerce Management Client Library

nixos-25.11 6.0.0
- nixos-25.11-small 6.0.0
- nixpkgs-25.11-darwin 6.0.0

pkgs.python313Packages.azure-mgmt-commerce

This is the Microsoft Azure Commerce Management Client Library

nixos-unstable 6.0.0
- nixpkgs-unstable 6.0.0
- nixos-unstable-small 6.0.0
nixos-25.11 6.0.0
- nixos-25.11-small 6.0.0
- nixpkgs-25.11-darwin 6.0.0

pkgs.python314Packages.azure-mgmt-commerce

This is the Microsoft Azure Commerce Management Client Library

nixos-unstable 6.0.0
- nixpkgs-unstable 6.0.0
- nixos-unstable-small 6.0.0

pkgs.python312Packages.mypy-boto3-marketplacecommerceanalytics

Type annotations for boto3 marketplacecommerceanalytics

nixos-25.11 boto3-marketplacecommerceanalytics-1.41.0
- nixos-25.11-small boto3-marketplacecommerceanalytics-1.41.0
- nixpkgs-25.11-darwin boto3-marketplacecommerceanalytics-1.41.0

pkgs.python313Packages.mypy-boto3-marketplacecommerceanalytics

Type annotations for boto3 marketplacecommerceanalytics

nixos-unstable boto3-marketplacecommerceanalytics-1.42.3
- nixpkgs-unstable boto3-marketplacecommerceanalytics-1.42.3
- nixos-unstable-small boto3-marketplacecommerceanalytics-1.42.3
nixos-25.11 boto3-marketplacecommerceanalytics-1.41.0
- nixos-25.11-small boto3-marketplacecommerceanalytics-1.41.0
- nixpkgs-25.11-darwin boto3-marketplacecommerceanalytics-1.41.0

pkgs.python314Packages.mypy-boto3-marketplacecommerceanalytics

Type annotations for boto3 marketplacecommerceanalytics

nixos-unstable boto3-marketplacecommerceanalytics-1.42.3
- nixpkgs-unstable boto3-marketplacecommerceanalytics-1.42.3
- nixos-unstable-small boto3-marketplacecommerceanalytics-1.42.3

pkgs.python312Packages.types-aiobotocore-marketplacecommerceanalytics

Type annotations for aiobotocore marketplacecommerceanalytics

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-marketplacecommerceanalytics

Type annotations for aiobotocore marketplacecommerceanalytics

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

Not in nixpkgs