Vulnerabilities

CVE-2026-3320

by Fred · 11/05/2026

Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cradle-e-commerce

Similar

Tags: Cybersecurity Alert