CVE-2026-11975
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Jun 17, 2026
Vendor
unknown
Description
Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw()