CVE-2026-25491 – Craft has a Stored XSS in Entry Types Name

CVE ID : CVE-2026-25491

Published : Feb. 9, 2026, 7:25 p.m. | 56 minutes ago

Description : Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-25498 – Craft has a potential authenticated Remote Code Execution via malicious attached Behavior

CVE-2026-25497 – Craft has a GraphQL Asset Mutation Privilege Escalation

CVE-2026-25496 – Craft has a stored XSS in Number Prefix & Suffix Fields

CVE-2026-25495 – Craft has a SQL Injection in Element Indexes via criteria[orderBy]