Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2026-29176

updated 2 months, 2 weeks ago by @mweinelt Activity log

Created suggestion 2 months, 2 weeks ago
@mweinelt ignored
8 packages
- python312Packages.azure-mgmt-commerce
- python313Packages.azure-mgmt-commerce
- python314Packages.azure-mgmt-commerce
- python312Packages.mypy-boto3-marketplacecommerceanalytics
- python313Packages.mypy-boto3-marketplacecommerceanalytics
- python314Packages.mypy-boto3-marketplacecommerceanalytics
- python312Packages.types-aiobotocore-marketplacecommerceanalytics
- python313Packages.types-aiobotocore-marketplacecommerceanalytics
2 months, 2 weeks ago
@mweinelt dismissed 2 months, 2 weeks ago

Craft Commerce has Stored XSS in Inventory Location Name

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator (or user with product editing permissions) creates or edits a variant product. This vulnerability is fixed in 5.5.3.

References

https://github.com/craftcms/commerce/security/advisories/GHSA-wj89-2385-gpx3 x_refsource_CONFIRM
https://github.com/craftcms/commerce/commit/da143df084563ddf0929d7c261bcc11d312e8004 x_refsource_MISC

Affected products

commerce

==>= 4.0.0 < 4.10.2
==>= 5.0.0 < 5.5.3

Ignored packages (8)

pkgs.python312Packages.azure-mgmt-commerce

This is the Microsoft Azure Commerce Management Client Library

nixos-25.11 6.0.0
- nixos-25.11-small 6.0.0
- nixpkgs-25.11-darwin 6.0.0

pkgs.python313Packages.azure-mgmt-commerce

This is the Microsoft Azure Commerce Management Client Library

nixos-unstable 6.0.0
- nixpkgs-unstable 6.0.0
- nixos-unstable-small 6.0.0
nixos-25.11 6.0.0
- nixos-25.11-small 6.0.0
- nixpkgs-25.11-darwin 6.0.0

pkgs.python314Packages.azure-mgmt-commerce

This is the Microsoft Azure Commerce Management Client Library

nixos-unstable 6.0.0
- nixpkgs-unstable 6.0.0
- nixos-unstable-small 6.0.0

pkgs.python312Packages.mypy-boto3-marketplacecommerceanalytics

Type annotations for boto3 marketplacecommerceanalytics

nixos-25.11 boto3-marketplacecommerceanalytics-1.41.0
- nixos-25.11-small boto3-marketplacecommerceanalytics-1.41.0
- nixpkgs-25.11-darwin boto3-marketplacecommerceanalytics-1.41.0

pkgs.python313Packages.mypy-boto3-marketplacecommerceanalytics

Type annotations for boto3 marketplacecommerceanalytics

nixos-unstable boto3-marketplacecommerceanalytics-1.42.3
- nixpkgs-unstable boto3-marketplacecommerceanalytics-1.42.3
- nixos-unstable-small boto3-marketplacecommerceanalytics-1.42.3
nixos-25.11 boto3-marketplacecommerceanalytics-1.41.0
- nixos-25.11-small boto3-marketplacecommerceanalytics-1.41.0
- nixpkgs-25.11-darwin boto3-marketplacecommerceanalytics-1.41.0

pkgs.python314Packages.mypy-boto3-marketplacecommerceanalytics

Type annotations for boto3 marketplacecommerceanalytics

nixos-unstable boto3-marketplacecommerceanalytics-1.42.3
- nixpkgs-unstable boto3-marketplacecommerceanalytics-1.42.3
- nixos-unstable-small boto3-marketplacecommerceanalytics-1.42.3

pkgs.python312Packages.types-aiobotocore-marketplacecommerceanalytics

Type annotations for aiobotocore marketplacecommerceanalytics

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-marketplacecommerceanalytics

Type annotations for aiobotocore marketplacecommerceanalytics

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

Not in nixpkgs