{"id":80684,"date":"2026-06-17T15:48:28","date_gmt":"2026-06-17T12:18:28","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-11975-stored-cross-site-scripting-xss-in-simplcommerce-news-module-admin-interface\/"},"modified":"2026-06-17T15:48:28","modified_gmt":"2026-06-17T12:18:28","slug":"cve-2026-11975-stored-cross-site-scripting-xss-in-simplcommerce-news-module-admin-interface","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-11975-stored-cross-site-scripting-xss-in-simplcommerce-news-module-admin-interface\/","title":{"rendered":"CVE-2026-11975 &#8211; Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface"},"content":{"rendered":"<p>CVE ID: CVE-2026-11975<\/p>\n<p>  Published: June 17, 2026, 12:18 p.m. | 1\u00a0hour, 24\u00a0minutes ago<\/p>\n<p>  Description: Stored cross-site scripting (XSS) in NewsItemApiController\u00a0in SimplCommerce prior to commit 6142d3b5\u00a0allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML\u00a0sanitization and rendered unencoded via @Html.Raw().<\/p>\n<p>  Severity: 6.2 | MEDIUM<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID: CVE-2026-11975 Published: June 17, 2026, 12:18 p.m. | 1\u00a0hour, 24\u00a0minutes ago Description: Stored cross-site scripting (XSS) in NewsItemApiController\u00a0in SimplCommerce prior to commit 6142d3b5\u00a0allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML\u00a0sanitization and rendered unencoded via @Html.Raw(). Severity: 6.2 | MEDIUM Visit the &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-80684","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/80684","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=80684"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/80684\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=80684"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=80684"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=80684"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}