Cradle eCommerce Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting vulnerability has been identified in the latest demo version of the Cradle eCommerce platform. This issue arises because user-controlled input is insecurely reflected in the HTML output at the '/collection/' endpoint. Exploiting this vulnerability would allow an attacker to execute arbitrary JavaScript code.
Impact
Exploitation of this vulnerability could lead to the execution of arbitrary JavaScript code in the context of the user's browser.
Remediation
The Cradle team has fixed this vulnerability in the latest version of Cradle eCommerce.
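The bug class described above, as an added example that is not Cradle's code or its actual fix: a handler that reflects a value taken from a '/collection/<name>' URL, first unencoded and then with output encoding for each context. The route shape, the template, the host shop.example and all function names are assumptions, and the probe input is constructed.

```javascript
// Added illustration, not Cradle's code. Route shape, template and all names
// are assumptions; the page does not say how the value reaches the output.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode characters that change meaning in HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Extract the user-controlled segment of /collection/<name>; null if the
// route does not match or the percent-encoding is malformed.
function collectionName(requestUrl) {
  const { pathname } = new URL(requestUrl, 'http://shop.example');
  const match = /^\/collection\/([^/]+)\/?$/.exec(pathname);
  if (!match) return null;
  try {
    return decodeURIComponent(match[1]);
  } catch {
    return null;
  }
}

// Before: the decoded value is concatenated straight into the markup.
function renderUnsafe(requestUrl) {
  const name = collectionName(requestUrl);
  if (name === null) return null;
  return `<h1>Collection: ${name}</h1><a href="/collection/${name}" title="${name}">Reload</a>`;
}

// After: each sink is encoded for its own context (HTML text/attribute vs URL path).
function renderSafe(requestUrl) {
  const name = collectionName(requestUrl);
  if (name === null) return null;
  const text = escapeHtml(name);
  const segment = escapeHtml(encodeURIComponent(name));
  return `<h1>Collection: ${text}</h1><a href="/collection/${segment}" title="${text}">Reload</a>`;
}

// Constructed probe: inert markup used only to see whether it survives encoding.
const PROBE_URL = '/collection/' + encodeURIComponent('shoes"><i id=probe>');

// True when the probe came back as live markup rather than encoded text.
function reflectsMarkup(html) {
  return html !== null && html.includes('<i id=probe>');
}

console.log('unsafe reflects markup:', reflectsMarkup(renderUnsafe(PROBE_URL)));
console.log('safe reflects markup:  ', reflectsMarkup(renderSafe(PROBE_URL)));
```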
Added: May 11, 2026, 4:43 PM
Updated: May 11, 2026, 4:43 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 6.2
remediation: 0.0
relevance: 8.0
threat: 0.0
urgency: 2.9
incentive: 0.0
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
