EUVD-2026-29057

ID: EUVD-2026-29057

Severity: medium

CVSS v4: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code.

Timestamps

Normalized: 2026-05-11T17:10:52Z UTC
Last updated: 2026-05-11T17:10:52Z UTC

References

No references provided.

VulnAI

EUVD-2026-29057

Description

Timestamps

References