Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface_CVE-2026-11975

{
    "lastseen": "",
    "description": "Stored cross-site scripting (XSS) in NewsItemApiController\u00a0In SimplCommerce prior to commit 6142d3b5\u00a0allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML\u00a0sanitization and rendered unencoded via @Html.Raw()",
    "published": "2026-06-17T12:18:28.771Z",
    "modified": "2026-06-17T12:18:28.771Z",
    "type": "cve",
    "title": "Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface",
    "source": "Checkmarx",
    "references": "https://github.com/simplcommerce/SimplCommerce/pull/1151\nhttps://github.com/simplcommerce/SimplCommerce/commit/6142d3b5147899e0edb41663ae20183878ab39f7",
    "id": "CVE-2026-11975",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "simplcommerce SimplCommerce 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.2,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SimplCommerce",
    "version": "0",
    "vendor": "simplcommerce",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}