Cradle eCommerce Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting vulnerability has been identified in the latest demo version of the Cradle eCommerce platform. This issue arises because user-controlled input is insecurely reflected in the HTML output on the '/product/' endpoint. Exploiting this vulnerability would allow an attacker to execute arbitrary JavaScript code.
Impact
Exploitation of this vulnerability could lead to the execution of malicious JavaScript in the context of the user's browser, potentially allowing for session hijacking or other malicious actions.
Remediation
The Cradle team has fixed this vulnerability in the latest version of Cradle eCommerce.
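For deployments that have not yet been upgraded, access logs can be reviewed for markup sent to the affected endpoint. The following is an added example, not code from this advisory or from the Cradle project. The log format, sample lines and function names are assumptions, and because the advisory does not name the reflected input, the check covers both the path and the query string under '/product/'.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (combined log format); not taken from a real system.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /product/blue-shirt HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /product/%3Cb%3Esale%3C/b%3E HTTP/1.1" 200 4876
198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] "GET /product/item?ref=%2522%253E%253Ci%253E HTTP/1.1" 200 4901
198.51.100.4 - - [01/Jan/2024:10:00:12 +0000] "GET /cart?note=%3Cb%3E HTTP/1.1" 200 310
192.0.2.44 - - [01/Jan/2024:10:00:15 +0000] "GET /product/mug?ref=a%26b HTTP/1.1" 200 2201
"""

# Client IP, request target and status code from a combined-format line.
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Characters that can break out of an HTML text or attribute context.
MARKUP_RE = re.compile(r'[<>"]')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_product_requests(log_text):
    """Return (ip, status, decoded target) for /product/ requests carrying markup."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        target = fully_decode(m.group("target"))
        if target.startswith("/product/") and MARKUP_RE.search(target):
            hits.append((m.group("ip"), m.group("status"), target))
    return hits


if __name__ == "__main__":
    for ip, status, target in suspicious_product_requests(SAMPLE_LOG):
        print(ip, status, target)
```

A hit only shows that markup was sent to the endpoint; whether it was reflected unescaped depends on the version that served the request.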
