Skip to main content

Cradle

2 CVEs product

Monthly

CVE-2026-3320 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in Cradle eCommerce platform allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers via crafted input to the /product/ endpoint. The vulnerability requires user interaction (clicking a malicious link) and affects the latest demo version. A vendor patch is available.

XSS Cradle
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-3319 MEDIUM PATCH This Month

Reflected XSS in Cradle eCommerce platform allows unauthenticated remote attackers to execute arbitrary JavaScript in user browsers via unsanitized input reflected in the /collection/ endpoint. The vulnerability requires user interaction (clicking a malicious link) but affects the latest demo version with CVSS 5.1 (low-medium severity). No public exploit code or active exploitation has been identified at time of analysis, though a vendor patch is available.

XSS Cradle
NVD
CVSS 4.0
5.1
EPSS
0.0%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in Cradle eCommerce platform allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers via crafted input to the /product/ endpoint. The vulnerability requires user interaction (clicking a malicious link) and affects the latest demo version. A vendor patch is available.

XSS Cradle
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Reflected XSS in Cradle eCommerce platform allows unauthenticated remote attackers to execute arbitrary JavaScript in user browsers via unsanitized input reflected in the /collection/ endpoint. The vulnerability requires user interaction (clicking a malicious link) but affects the latest demo version with CVSS 5.1 (low-medium severity). No public exploit code or active exploitation has been identified at time of analysis, though a vendor patch is available.

XSS Cradle
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy