VulnerableCode Package Details - pkg:composer/craftcms/composer@5.5.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/craftcms/composer@5.5.1

Essentials
History (1)

purl	pkg:composer/craftcms/composer@5.5.1

Next non-vulnerable version	5.5.2
Latest non-vulnerable version	5.5.2
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-myw9-3vre-xuay Aliases: CVE-2026-25485 GHSA-w8gw-qm8p-j9j3	Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories (Name & Description) fields in the Store Management section are not properly sanitized before being displayed in the admin panel. This issue has been patched in versions 4.10.1 and 5.5.2.	5.5.2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-11T20:37:45.702923+00:00	GHSA Importer	Affected by	VCID-myw9-3vre-xuay	https://github.com/advisories/GHSA-w8gw-qm8p-j9j3	38.6.0